In association with heise online


Your current setting:

Cookies are

Cookies are small snippets of data that the browser stores on your hard disk on request off a Web server. They contain information that helps the Web server recognize visitors the next time they come by; in most cases, they contain some kind of identification code (ID). The information collected by the server on the respective visitor is not stored in cookies themselfs but in a database along with the ID. Whenever the user visits this server again, his browser delivers the cookie automatically, allowing the server to "recognize" the
visitor. Many personalised pages also work with cookies.

Of course, companies can also create profiles with their visitors' preferences. Advertising agencies such as DoubleClick use their banners to distribute cookies to thousands of Web sites, which helps them to track the surfing behaviour of vast numbers of visitors. Thus, the cookies' primary effect is their impact on
surfers' privacy.

In the wrong hands though, they can also become a security problem. Normally a server can only access the cookies for its own domain - for instance If an attacker manages to access foreign cookies through cross-site scripting attacks, he may even take over the identity of his victim and access this person's data.

Although it is possible to adapt a browser only to accept cookies upon request, experience shows that some sites create a sheer flood of such request dialogue boxes, which surfers can hardly cope with. A compromise would be to accept cookies only from servers whose pages the user is currently visiting or to clear out the cookies once in a while. Firefox and Opera already provide functions that allow the user to selectively delete cookies. Internet Explorer will provide such an option in version 7. Those who attach great importance to guarding their privacy should disable cookies by default.


  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit