How It Works: Cookies

Cookie: a data file written to your hard drive by a Web server that identifies you to a site.

• Helps a Web site "remember" who you are and set preferences accordingly when you return.
  
  
• Eliminates the need to repeatedly fill out order forms or re-register on Web sites.
  
  
• Allows Web sites or advertising companies to track your Web surfing behavior or patterns.
  
  

It's nice to be recognized. On the Web, sites can greet you like an old friend thanks to cookies. Beginning with Navigator 3.0 and Internet Explorer 3.0, browsers have worked with Web sites to record these small bits of identifying information on your hard drive, which the sites can use to track your activities and recognize you when you return. Cookies are now ubiquitous on the Web, but users, businesses, and consumer groups debate the nature of these tiny files: For some, they promise a more user-friendly Web; for others, they pose a privacy threat.

When you visit a site that sets cookies, commands embedded in the page cause your browser to contact the site's server. The server sends information back to the browser, where it's stored in a particular place on your hard drive. Different browsers store cookies in different places: Netscape Navigator maintains a file called cookies.txt that contains all cookie records from every site that creates a cookie. On a PC running Windows, Internet Explorer stores its cookies in the C:\windows\cookies directory. When you return to a site, the server queries your browser to find the cookie it created before, and the browser sends the cookie's information in response.

Cookies come in two varieties: Session cookies and persistent cookies. Session cookies clear out after you close the browser window (ending the session) and often are used by "shopping carts" at online stores to keep track of items you want to buy. Persistent cookies are set by news sites, banner ad companies, and others who want to know when you return to a site. These files reside on your hard drive after you leave the site.

Both types of cookie files contain the URL or domain name of the site you visited and some internal codes that indicate which pages you visited. Persistent cookies add the last time you visited the site and how many times you've been there. They usually contain a code that becomes your unique identifier, which lets a site know that you've been there before. Some cookies can contain personal information, such as a name or e-mail address, but only if you've given that information to the Web site. Contrary to popular rumor, cookies can't "steal" your name or e-mail address if you don't give it out.