Knowledge : Did You Know?

Do cookies compromise security?

Cookies are messages that a web server transmits to a web browser so that the web server can keep track of the user's activity on a specific website. The message that the web server conveys to the browser is in the form of an HTTP header that consists of a text-only string. The text is entered into the memory of the browser. The browser, in turn, stores the cookie information on the hard drive so when the browser is closed and reopened at a later date the cookie information is still available.

Web sites use cookies for several different reasons:

1)

To collect demographic information about who is visiting the website. Sites often use this information to track how often visitors come to the site and how long they remain on the site.

2)

To personalize the user's experience on the website. Cookies can help store personal information about you so that when you return to the site you have a more personalized experience. If you have ever returned to a site and have seen your name mysteriously appear on the screen, it is because on a previous visit you gave your name to the site and it was stored in a cookie so that when you returned you would be greeted with a personal message. A good example of this is the way some online shopping sites will make recommendations to you based on previous purchases. The server keeps track of what you purchase and what items you search for and stores that information in cookies.

3)

To monitor advertisements. Websites will often use cookies to keep track of what ads it lets you see and how often you see ads.

Cookies do not act maliciously on computer systems. They are merely text files that can be deleted at any time - they are not plug ins nor are they programs. Cookies cannot be used to spread viruses and they cannot access your hard drive. This does not mean that cookies are not relevant to a user's privacy and anonymity on the Internet. Cookies cannot read your hard drive to find out information about you; however, any personal information that you give to a website, including credit card information, will most likely be stored in a cookie unless you have turned off the cookie feature in your browser. In only this way are cookies a threat to privacy. The cookie will only contain information that you freely provide to a website.

Cookies have six parameters that can be passed to them:

1)

The name of the cookie.

2)

The value of the cookie.

3)

The expiration date of the cookie - this determines how long the cookie will remain active in your browser.

4)

The path the cookie is valid for - this sets the URL path the cookie us valid in. Web pages outside of that web cannot use the cookie.

5)

The domain the cookie is valid for - this takes the web parameter one step further. This makes the cookie accessible to pages on any of the servers when a site uses multiple servers in a domain.

6)

The need for a secure connection - this indicates that the cookie can only be used under a secure server condition, such as a site using SSL.

Both Netscape and Microsoft Internet Explorer (IE) can be set to reject cookie if the user prefers to use the Internet without enabling cookies to be stored. In Netscape, follow the Edit/Preferences/Advanced menu and in IE, follow the Tools/Internet Options/Security menu to set cookie preferences.