Cookies
Overview
How they work. Why are they needed
Sent by the server, stored on the browser.
Sent back to the server with the next request.
This way the server "remembers" previous activity from the browser: a remedy for "stateless HTTP".
What are they used for (the good and the bad)
- Authentication purposes: the server remembers that you have already logged in to
an account, so you do not need to provide login info with every page. Think of when you
read your Gmail.
- Tracking of a user's activity on a site: implementation of shopping baskets.
- Saving user preferences, and remembering a password.
- User profiling and activity tracking, especially across "third" web sites. Violation of
privacy.
Find the cookies in common browsers: settings available
In Firefox and Safari, look under the browser's Preferences, then Privacy.
In Chrome, look under Preferences and then Settings, and then
click on Show advanced settings.
Can you locate the list of cookies stored on your browser? How about particular information
on each cookie? Do you see any differences among the different browsers?
Experiment with different browser settings
What are the different choices the user has about accepting cookies? What would you recommend,
in general?
Do you see any differences in the way these choices are worded in different browsers?
- Go to the Wall Street Journal home page (wsj.com). Clear all cookies.
Then experiment with
accepting/not accepting cookies, and blocking/allowing third-party cookies.
Are there any cookies used by this site? Can you figure out
whether any third party cookies are saved on your browser when visiting the wsj home page?
Do you see any differences among the three major browsers?
- Set preferences to *not* accept cookies, and try to log in to Facebook.
- Accept cookies, log in to Facebook, click around, clear cookies,
and see what happens when you click on any link.
Third-party cookies
- What are they.
- In the preferences, set to accept cookies from third-parties.
- Visit macys.com, dictionary.com, wsj.com. Look at your cookies.
- Set preferences to *not* accept third-party cookies, and visit the same
sites again. Look at your cookies now.
- doubleclick.com (acquired by Google in 2008). Has a big network of advertisers
that it works with. dictionary.com gives it access to store cookies on your browser.
- More info on
Cookies and Security Risks.
Noticing first time visitors
Go to this page on our cs server.
- reload the page
- Look at the cookie
- Read the relevant code
- Does the cs server use third-party cookies? How can you find out?
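One way a server can notice first-time visitors with a cookie, shown as an added example; it is not the code behind the cs server page above. The cookie name `visitor_id`, the function names and the in-memory visitor table are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor_id"  # hypothetical cookie name, not from the course page


def handle_request(cookie_header, known_visitors):
    """Return (body, response_headers) for one page request.

    cookie_header: value of the request's Cookie header ('' if none was sent).
    known_visitors: dict of visitor id -> visit count (the server's memory).
    """
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    visitor = morsel.value if morsel else None

    headers = []
    if visitor in known_visitors:
        # The browser sent back an id this server issued earlier.
        known_visitors[visitor] += 1
        body = f"Welcome back, visit number {known_visitors[visitor]}"
    else:
        # No cookie, or an id we never issued: treat it as a first visit.
        visitor = secrets.token_urlsafe(16)  # random, so ids cannot be guessed
        known_visitors[visitor] = 1
        out = SimpleCookie()
        out[COOKIE_NAME] = visitor
        out[COOKIE_NAME]["path"] = "/"
        out[COOKIE_NAME]["max-age"] = 30 * 24 * 3600  # keep for 30 days
        out[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
        out[COOKIE_NAME]["samesite"] = "Lax"  # not sent on cross-site subrequests
        headers.append(("Set-Cookie", out[COOKIE_NAME].OutputString()))
        body = "Hello, first-time visitor"
    return body, headers


def browser_cookie_header(response_headers):
    """Build the Cookie header a browser would send on its next request.

    Only name=value pairs go back to the server; attributes such as
    Path or Max-Age stay in the browser.
    """
    pairs = []
    for name, value in response_headers:
        if name.lower() == "set-cookie":
            parsed = SimpleCookie()
            parsed.load(value)
            pairs += [f"{k}={m.value}" for k, m in parsed.items()]
    return "; ".join(pairs)
```

Calling `handle_request` with an empty Cookie header after a first visit mirrors clearing cookies in the browser: the server has no way to recognize the visitor and greets them as new.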
Enabling Do Not Track on your browser.
- Check to see how to enable Do Not Track on all three browsers.
- Visit twitter.com with and without "Do Not Track" enabled. Is there any difference?