March 21, 2002

Cookie Monster!

A cookie is piece of information sent by a web server to a web browser that the browser software is expected to save and to send back to the server whenever the browser makes additional requests of the server. Depending on the type of cookie used, and the browser's settings, the browser may accept or not accept the cookie, and may save the cookie for either a short time or a long time. Those data are then stored on your own hard disk - not on the server. The next time you enter that site, the server looks for a file on your disk and reads the information you previously submitted.

Cookies might contain information such as login or registration information, online "shopping cart" information, user preferences, etc. When a server receives a request from a browser that includes a cookie, the server is able to use the information stored in the cookie. Cookies are usually set to expire after a predetermined amount of time and are usually saved in memory until the browser software is closed down, at which time they may be saved to disk if their "expire time" has not been reached.

While having a remote site store data on your hard disk seems ominous, don't get in a panic. Cookies aren't a threat to security, although they can lead to annoying junk e-mails.

If you look, you'll see the information in a cookie is benign. Do a search for the word cookie on your drive C: and you will see a mess of cookie files. Some of the files will have the extension .txt and will automatically open in Notepad when double-clicked. Others will carry the name of the visited website. These end in .com (because they are .com sites) and Windows will think they are programs (because programs have the extension .com). So if you get a warning message when you double-click on the file, you can choose to ignore it or simply not open it.