Cookies - A Tutorial by Kyle McIntyre

First time here? Welcome to the site! A log of this visit has been recorded using cookies. Refresh the page to see cookies in action!

What are Cookies?

Cookies allow web pages to store information about their users locally rather than on the server. This is somewhat of an anomaly because web pages typically have limited access to the operating system of their users. Cookies enable web developers to store a small piece of information about a user on their local machine. The information is then returned to the server on subsequent page loads. This opens up a myriad of possibilities!

Technically speaking, cookies are simple text files that are no larger than 4 kilobytes in size. Here is a typical cookie as placed on my Windows XP machine by Google. Cookies are stored at a rate of one cookie per text file. Thus, if a web site sets multiple cookies, multiple files appear on the user's machine. The nature of the data stored in a cookie is dictated by the web page that sets the cookie. It is the responsibility of the web page to know what type of data exists in a particular cookie and interpret it correctly when the page reloads. The way cookies are stored and interpreted on a local machine is dependent on the web browser. However, cookies are passed around the internet in accordance with HTTP's specifications. For more information, refer to http://wp.netscape.com/newsref/std/cookie_spec.html. Although the nature of the data stored in a cookie is unrestricted, there are fixed parameters to describe the cookie itself:

While the first two parameters are self-explanatory, the rest require further discussion. A cookie's expiration date describes the date and time at which the cookie should be removed by the host operating system. Different scripting languages require you to specify the expiration date in different ways. For instance, PHP expects a Unix timestamp. If a cookie's expiration date is omitted, the cookie lasts only as long as the current browser session; it is referred to as a session cookie and is stored in RAM. Otherwise, the cookie is referred to as persistent and is written to the user's hard disk.

A cookie's path restriction specifies the directory on the server that should be granted access to the cookie. All other directories are unable to detect the cookie's presence on page load. For example, if you restrict the cookie to a path such as webpages/my_homepage, then the cookie will only be available to web documents that exist in my_homepage or any of its subdirectories.

A cookie's domain restriction specifies the domain on which the cookie should be made available. For instance, if the domain restriction is set to .google.com, then the cookie is available to all subdomains of .google.com, such as gmail.google.com. Of course, any path restrictions applied earlier are still in effect! Lastly, a cookie's security parameter describes whether or not the cookie should be available to non-secure connections. Cookies are always available to secure (HTTPS) connections. However, if the security option is set to true then non-secure connections are denied access.
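
The four restrictions described above, combined into one check of whether a cookie accompanies a given request. This is an added example, not code from the original tutorial: the `Cookie` class, the helper names, the example.com hostnames and the timestamp are constructed for illustration. Matching is done on hostname-label and path-segment boundaries, so a look-alike host or a sibling directory that merely shares a prefix does not receive the cookie.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str                    # domain restriction, e.g. ".example.com"
    path: str = "/"                # path restriction
    secure: bool = False           # True: HTTPS connections only
    expires: Optional[int] = None  # Unix timestamp; None means session cookie


def domain_matches(host: str, cookie_domain: str) -> bool:
    """Match on a label boundary so 'badexample.com' is not treated as a subdomain."""
    domain = cookie_domain.lower().lstrip(".")
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """Match the directory itself or anything below it, never a same-prefix sibling."""
    if cookie_path == "/" or request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path.rstrip("/") + "/")


def is_sent(cookie: Cookie, url: str, now: int) -> bool:
    """Apply the expiration, security, domain and path checks to one request URL."""
    parts = urlsplit(url)
    if cookie.expires is not None and cookie.expires <= now:
        return False               # persistent cookie past its expiration date
    if cookie.secure and parts.scheme != "https":
        return False               # secure cookie withheld from plain HTTP
    return (domain_matches(parts.hostname or "", cookie.domain)
            and path_matches(parts.path or "/", cookie.path))


if __name__ == "__main__":
    NOW = 1_000_000_000            # constructed "current time" (Unix timestamp)
    c = Cookie("visits", "3", ".example.com", "/webpages/my_homepage", True, NOW + 3600)
    for url in ("https://mail.example.com/webpages/my_homepage/index.html",
                "http://mail.example.com/webpages/my_homepage/index.html",
                "https://badexample.com/webpages/my_homepage/",
                "https://mail.example.com/webpages/my_homepage_old/"):
        print(is_sent(c, url, NOW), url)
```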

Why are Cookies Useful?

Email: mcintyr@cs.montana.edu   Last Updated: June 8th, 2005