Use these to jump around or read it all…
[Do You Hand Out Cookies On Goodies, Joe?]
[What Is A Cookie?] [Are Cookies Bad?]
[How Do I Pass Out Cookies?]
[What About Nieman Marcus?!]
Thank you to those in the know who caught some of the unintentionally misleading information.
This version was posted on 6/18/97.
A cookie, huh? Either you are a real Net-head or you have stopped by to get the ingredients for that Nieman Marcus cookie that has been shuffled around the Net. If you’re actually looking for a food item — you’re out of luck. (Okay, maybe I explain the cookie story at the very end of the tutorial….) This is a tutorial dealing with electronic cookies.
Cookies, Joe?
Yeah. Cookies are a small computer-generated text file (no larger than 4K) that you receive when you stop into certain sites. Unless you have made a point of setting your browser’s preferences so you do not accept cookies, or have installed a JavaScript to do that same, you probably have a cookie sitting in your browser’s directory right now. The use of cookies is quite widespread.
I have heard a few different reasons why the little files servers and browsers are using are called cookies. Each is probably less creditable than the last but, for entertainment purposes, here are a few.
- In UNIX, files of this type had a name something like k00k.z. Thus the strange pronunciation as “cookie” (uh-huh…).
- The guy who got really really really rich by creating Netscape digs these particular chunky cookies–thus the name (hmmm…).
- Because distributing cookies is like leaving crumbs all over (uh…).
- Just because (probably the most truth in this one…).
Ben Buckner offers what sounds as if it could be a true story:
About the term’s origin, it’s a very old bit of programmer slang (usually) for a piece of data stored to communicate between two processes, typically separated in time, and often as some kind of flag. The fuller form is “magic cookie.” I know I’ve heard it used as far back as the late ’80s anyway. The real defining point of the magic cookie is that some part of the data is unique to the process(es) so that the receiver can ensure that it’s getting the message from the expected source. In the HTTP cookie, the server domain name serves that purpose, though in this case the client actually performs the verification to prevent server-based hanky-panky. I’ve heard that the term “magic cookie” was originally coined in reference to one of those old adventure games (perhaps “Adventure” itself) in which you had to give some character a magic cookie to get something from it (analogous to cookie verification), but that’s just a vague memory.
Eh… I’ll buy it.
# http://www.netscape.com/newsref/std
# /cookie_spec.html
# This is a generated file! Do not edit.
.sportszone.com TRUE /FALSE 876509359
.netscape.com TRUE /FALSE 946684799
NETSCAPE_ID 1000e010,138f8fd5
www.webCrawler.com FALSE /
FALSE 852076799
webcrawlerad 46162
What It All Means
I dunno. No, really — I dunno. It’s fairly obvious who has offered a me a cookie. I got one from Sportszone and one from Webcrawler. The big long numbers are computer stuff. Some have told me they’re dates. They could very well be.
Update (7/14/97) from Sumudu Fernando
Hi, Joe.
I’ve been a visitor to your site for a long time now, and I’d like to clear up the issue about those long numbers in the cookie file. Those numbers are not put there by CGI, but by JavaScripts. You see, the numbers are expiration dates. They are so long and look nothing like dates because if you ask a JavaScript to get the current date, add a year so the cookie will remain for a year, and put it in the cookie, the script writes down the amount of milli-seconds between the expiration date and January 1, 1970. I hope this helps.
My guess is that this concept of cookie trading is very new to many of you. But to be fair, the use of cookies does infringe on privacy. The server does know if someone stopped by before and knows what that person did while they were there. If you haven’t taken this tone from me yet, I don’t believe cookies are all that awful. No, I don’t use them, but I also don’t mind someone using them on me. Someone with far more knowledge than me might prove me wrong, but I don’t think we can expect to move around public phone lines and personal servers totally anonymously. Let’s look at some of the actual concerns people have written to me about cookies. I will comment. I welcome yours also. I agree to a point that surfing is invasive to your privacy, but it might be a trade-off you are willing make in order to have this web of computers that takes so much of our time. Stop and think — phone bills, power bills, cable bills… each of those also gathers information about you. Plus, they probably asked for your SS number. Should we be anonymous to them, too? It’s a good debate, if nothing else. It’s up to you whether the cookies are good or bad. On another note… I enjoy asking people if they would ever give a credit card number over the Internet, even though great steps have been taken to ensure encryption of the numbers. Most people have a rather violent reaction against doing it. They then hand their card to the waiter who walks into another room with it. I’m starting to say this a lot, but cookies cannot be done simply through HTML. Cookies are done at the server level. You must actually place a CGI application that records, reads, and places cookies for you. That’s a page that explains the whole process right down to the smallest details of offering the CGI and links to other Netscape pages. Again, knowing how may not be enough. You’ll have to be able to place the CGIs into the correct directories, do a CHMOD command to affect the directory, blah, blah, blah. It gets mighty complicated. Then again, you could just not use them. You may already have all the information you need just through your log files. Maybe a counter on your page is all you’re really interested in. Cookies are very seldom handed out unless there is a good reason. Just keeping track of who stops in for the heck of it probably won’t sway the people in charge to place cookie applications for you. On to the cookie story. It seems that someone’s brother’s former roommate’s friend took his daughter (wife, friend, etc.) to Nieman Marcus for lunch (dinner, breakfast). My version of the story had the daughter purchasing a scarf and a wool hat. Details make for a more compelling tale! Are Cookies Bad?
I guess that depends on whom you speak to.
Yes, and K-Mart knows you’re in their store. However, you’re not being videotaped in a WWW server. You are in a lot of K-Marts.
You bet. Where else, other than your home, can you have complete domain over all that is inside, taking whatever you want, while remaining totally anonymous?
To a point. Your login or e-mail login may be gathered because it’s listed in the browser’s general information. But it’s not gathered by the cookie. The cookie can’t do that. An applet can, and then it can be written to the cookie. This is a bit unnerving, I agree. But as I said before, it’s hard to go around this web of computers totally anonymously.
If they do, then a line has been crossed and the person who is using the unauthorized e-mail addresses should be prosecuted.
Not unless you offer it.
Ditto.
Ditto, ditto… How Do I Hand Out Cookies?
What is new here is that I can tell you where to go to get the CGI application and the instructions on how to set it up.
So, You Want A Shopping Cart, Huh?
Is That It?
Well, yeah. I can’t cover much more than what I’ve already told you. To go farther, you’ll need to get in touch with your own people. They’ll be able to place the CGIs or be able to show you what is already being done log-wise for you.
The people ordered and ate and were served three small cookies at the end of the meal. They liked the cookies so much the gentleman asked if he could purchase the recipe. The waiter said yes and stated the price at two-fifty. The man agreed. When his credit card statement arrived, he noted that it was $250 rather than $2.50. Apparently he’ll sign anything at the restaurant.
Inflamed with cookie passion he said he would let the world know the recipe if they didn’t take the charge off the card. They refused and he set to spamming this story all over the Net through BBS servers and e-mail.
The recipe I received was actually pretty good. It called for finely ground coffee and oatmeal. In reality, it could be true but probably isn’t. But… it’s a reason to make cookies. And it’s my opinion we could all use a few more reasons to make cookies.
[Do You Hand Out Cookies On Goodies, Joe?]
[What Is A Cookie?] [Are Cookies Bad?]
[How Do I Pass Out Cookies?]
[What About Nieman Marcus?!]