cookies

Bennett, David bennett at rmcnet.robert-morris.edu
Tue Jun 9 13:02:20 EDT 1998 

>  I've disabled cookies
> but am getting pressure from patrons who desire them.  I'm leery of
> allowing them on public workstations.

     I've read some excellent answers already as to role of cookies in 
overcoming the "stateless" nature of HTTP and also the issues of privacy. 
 I have two very practical suggestions for those who want to learn more 
about cookies, and then I want to address the second part of your 
question (cookies sent back to a different server):

     1. Look at your cookies file with the notepad.  It's a simple text 
file named "cookies.txt" and I find it instructive to look at from time 
to time.   

     2. In the newer versions of Netscape, you can set the preferences to 
"Warn me before accepting cookies."  This can be helpful in knowing when 
a new cookie is being set.  (I don't leave the warning turned on because 
the use of cookies is so prevalent.)   You can use this warning to 
determine which applications require cookies and might suffer if cookies 
were not allowed.

> Am I being to fussy?  What would be the practical significance of
> enabling cookies which are sent back to the server?

I'm not sure this part of your question has been answered yet.  In 
Netscape 4.x, you have the following four options:
          Accept all cookies 
          Accept only cookies that get sent back to the originating 
server 
          Disable all cookies 
          Warn me before accepting a cookie 
These choices are in the Edit menu, under Preferences, Advanced. 
Communicator 4.0
defaults to accept all cookies.

     Your question raises an interesting question about the Netscape 4.x 
distinction of allowing ONLY cookies that get sent back to the 
originating server.   I think it only reasonable to deny cookies that are 
sent back to a different server. 

     An article at PCWORLD "Trojan Horse E-Mail Can Expose Your Web 
Wanderings"  by Brian McWilliams, PC World News Radio October 22, 1997 
says the option is to plug a specific security loophole.  You can read 
the article here:
 http://www.pcworld.com/news/daily/data/1097/971022171225.html  

******************************************************
David Bennett  (bennett at robert-morris.edu)
Systems Support & Instruction Librarian
Robert Morris College Library
881 Narrows Run Road
Moon Township, PA  15108
(412) 262-8474
(412) 262-4049 fax
******************************************************

More information about the Web4lib mailing list