Server Cookies
The term cookies is applied to the general mechanism that server-side connections may employ to store and retrieve information on the client side of a connection. This mechanism was developed to significantly increase the capabilities of Web-based client/server applications. When a server returns an HTTP object to any of its clients, it also sends a piece of state information, which is stored on the client side. A description of the range of URLs for which this state is valid is included in the state object. Any future HTTP request made by the client that falls within that range will include a transfer of the current value of the state object from the client to the server. This was meant as a utility service for Web-based information but has been misused, leading to a lot of controversy. This state object is called the cookie. The cookie has proved to be a simple mechanism and a powerful new tool that enables a number of new kinds of Web-based applications to be written. Some examples of the way cookies are being used: shopping applications can store information on the currently selected items; services that collect a fee can send back the registration information and free the client from the need to retype the user-id during the next connection; and sites can store the user preferences of the client and cause the client to provide those preferences each and every time the site is connected to. (Persistent client State Http Cookies)
We have seen that a cookie is required to possess a set of parameters. There are six parameters that make up a cookie: the name, the value of the cookie, the date of expiry of the cookie, the path for which the cookie is valid, the domain for which the cookie is valid, and the requirement of a secure connection for the use of the cookie. Of these six, only the name and value parameters are mandatory. The other four can be set either manually or automatically. The parameters are separated from one another by semicolons. (Cookie Fundamentals: The Unofficial Cookie FAQ) The manner in which a cookie is used is best examined through a simple example, and here we use the example of amazon.com, the online book store. Let us consider that we intend to purchase a book online. The process goes this way. We type the URL http://www.amazon.com in our browser, and the browser attempts to contact the Amazon server and request the home page. As the browser does this, it also looks on our machine to see whether there is a cookie that has been set by Amazon. (How Does Cookie Data Move?)
If it finds an Amazon cookie, the browser sends all the name-value pairs in the file to the Amazon server along with the URL. If it does not find a cookie file, it sends no cookie data. The Amazon server receives both the cookie data and the request for a page. If it receives name-value pairs, Amazon can make use of them. If no name-value pairs are received, the Amazon server becomes aware that we have not visited the site before, creates a new ID for us within the Amazon database, and then sends name-value pairs to our machine in the header of the Web page sent to us. These name-value pairs are stored on the hard disk of our machine. The Web server can alter the name-value pairs or provide new pairs any time we visit the site again and request a page. There is a method to control this: the browser can be set so that any time a site attempts to send name-value pairs, the browser notifies the user of the machine. The user can then accept or refuse the values sent. (How Does Cookie Data Move?)
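The six parameters and the browser's decision to return a cookie can be made concrete in code. The following Python sketch is an added example, not code from the cited sources: the function names, the shop.example host and the simplified defaults (path "/" and exact-host matching when no domain is given) are assumptions made for illustration.

```python
# Added example (not from the cited sources): parse a Set-Cookie value, then match it.
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample header carrying all six parameters.
SAMPLE = "id=abc123; Expires=Wed, 09 Nov 2005 23:12:40 GMT; Path=/cart; Domain=.shop.example; Secure"


def parse_set_cookie(header, request_host):
    """Split one Set-Cookie value into the six parameters described above."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, sep, value = first.partition("=")
    if not sep or not name.strip():
        raise ValueError("the name=value pair is mandatory")
    host = request_host.lower()
    # Assumed defaults: session cookie, path "/", valid only for the setting host.
    cookie = {"name": name.strip(), "value": value.strip(), "expires": None,
              "path": "/", "domain": host, "host_only": True, "secure": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "expires":
            cookie["expires"] = parsedate_to_datetime(val)
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "domain" and val:
            domain = val.lower().lstrip(".")
            # A server may only set cookies for its own domain or a parent of it.
            if host != domain and not host.endswith("." + domain):
                raise ValueError("domain does not cover the setting host")
            cookie["domain"], cookie["host_only"] = domain, False
        elif key == "secure":
            cookie["secure"] = True
    return cookie


def should_send(cookie, url, now):
    """Return True if the browser would attach the cookie to a request for url."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    if cookie["expires"] is not None and cookie["expires"] <= now:
        return False  # expired
    if cookie["secure"] and parts.scheme != "https":
        return False  # secure cookies never travel over plain HTTP
    domain = cookie["domain"]
    if host != domain and (cookie["host_only"] or not host.endswith("." + domain)):
        return False  # outside the domain the cookie is valid for
    base = cookie["path"].rstrip("/")
    return path == cookie["path"] or path.startswith(base + "/")
```

The sketch does not consult a public-suffix list, so a Domain value naming a bare top-level domain is not rejected here.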
The development of cookies removed a major problem for Web site designers and implementers. Looked at from a broad perspective, the cookie permits a site to store state information on the user's machine, and this information permits the site to remember what state the user's browser was in. If there is an ID on the browser, it means that the user has visited the site at least once before, and the site remembers the user's ID from that visit. Thus, with the help of cookies, a Web site can find out the number of different persons visiting the site and also how many times each person visits the site. Another piece of information that can be gleaned is the preference of the user, as the site tracks the user's preferences. However, the most important use of cookies remains in the area of e-commerce or online purchase sites, where it has permitted the creation of shopping carts and quick checkout. Without cookies such an activity would not have been possible. This is because the cookie carries an ID and allows the site to keep track of the user's activity on the site. Each item that is added to the shopping cart is stored in the database of the site along with the ID value of the user. When the user checks out, the site knows everything that has been put into the shopping cart by retrieving all the selections made from the database. The value of all the selections is then provided as an invoice for settlement. This convenient and popular method of shopping would have been impossible to implement without cookies. (How Do Web Sites Use Cookies?)
Cookies, however, are not perfect in their application and have their imperfections. The first is that people often share machines, in public areas, in offices or even at home, and this leaves scope for misuse of one user's account by another user. Online stores normally post prominent warnings, but mistakes can still happen, leading to misuse. The next is that cookies can get erased, especially when there is a problem with the browser and technical support is called in, where one of the first things done is to erase all the temporary Internet files on the user's machine. As the cookies are erased, the Web sites lose all their data on the user, along with all the benefits that the cookie was supposed to deliver. Another problem with cookies is that some users use multiple machines in a day, which means that the user gets as many IDs as the number of machines used, skewing the information that the Web site holds on that user. (Problems with Cookies)
However, the major issue with cookies concerns Internet privacy, and this has raised a lot of controversy over the use of cookies in ways that infringe on the privacy of Internet users. This hue and cry has come about because of the way in which some companies utilize the information that cookies can secure, and there are two ways in which this misuse is seen. The first method of misuse has been the bane of Internet users for decades. The Web site that is visited by a user is capable of tracking not only the purchases made by the user, but also the various pages that are accessed by the reader, including the various advertisement sites visited and so on. This allows a Web site to know a lot about the user's preferences in purchasing, reading and areas of interest. This information can be sold to others who are interested in knowing where their markets lie. This has led to a lot of telemarketing and junk mail, and this has made many Internet users mad. The second method of misuse is unique to the Internet. There are specific infrastructure providers that actually create cookies that are seen on multiple sites, and the most famous in this regard is DoubleClick. (Why the Fury around Cookies?)
DoubleClick is one of many companies that install cookies on the machine of a user to collect information on the sites visited by the user, along with information on the interests of the user. It is not necessary for the user to visit their Web site, as they have planted their cookies on more than one thousand five hundred Web sites. The utility part of these cookies is that they permit the user to revisit the sites without the need to re-enter the registration information, as the cookie has already collected and stored this information during the previous visit. In January 2000 a new system was implemented by DoubleClick in which, for the first time, the name of the user was linked with any other information that it can pick up as the user moves from site to site. This is done in the following manner: the user's name and address are collected and stored in a cookie at a site where they are entered, and the name and address are then linked to all the other activity of the user on the Web sites and stored in the same cookie, so that the activities of the user are linked to the real identity of the user. All this information is then sold to the highest bidder, and it is estimated that there are nearly one hundred million such files available on Internet users, which clearly indicates that the privacy of a majority of the individuals in the United States of America is being infringed upon, and this is causing real concern. There are many individual and organized actions in court against the actions of companies like DoubleClick and Yahoo. Some of these court actions have been brought on the basis of the anti-stalking law of Texas, as the practice is considered electronic stalking, and many believe that the use of cookies is likely to be made illegal in Texas because of these actions. (Privacy on the Web)
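A user who wants to see this kind of cross-site linkage in their own browsing can look for the same cookie value being sent to one outside host from pages on several different sites. The following Python sketch is an added example, not code from the cited sources: the request records and the .example hosts are constructed, the function names are hypothetical, and treating the last two host labels as the site is a simplifying assumption.

```python
# Added example (not from the cited sources): find cookies that follow a user across sites.
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of browser requests: page visited, resource fetched, Cookie header sent.
REQUESTS = [
    ("http://books.example/", "http://books.example/home", "session-id=111"),
    ("http://books.example/", "http://ads.tracker.example/banner.gif", "id=A1B2"),
    ("http://news.example/story", "http://ads.tracker.example/banner.gif", "id=A1B2"),
    ("http://travel.example/", "http://ads.tracker.example/pixel.gif", "id=A1B2"),
    ("http://news.example/story", "http://cdn.news.example/site.css", ""),
]


def site_of(url):
    """Approximate the site as the last two host labels (simplifying assumption)."""
    return ".".join((urlsplit(url).hostname or "").lower().split(".")[-2:])


def cross_site_cookies(requests, min_sites=2):
    """Map (third-party site, cookie pair) to the first-party sites it was sent from."""
    seen = defaultdict(set)
    for page_url, resource_url, cookie_header in requests:
        page_site, resource_site = site_of(page_url), site_of(resource_url)
        if page_site == resource_site:
            continue  # first-party request: the cookie belongs to the site being visited
        for pair in filter(None, (p.strip() for p in cookie_header.split(";"))):
            seen[(resource_site, pair)].add(page_site)
    # Keep only identifiers that were presented from several different sites.
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= min_sites}
```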
This invasion of the privacy of the individual has gone to such an extent that the State of California also requires that citizens be notified if any outsider has gained access to their Social Security numbers, as this puts them in jeopardy of identity theft. This means that the State of California acknowledges the likelihood of an individual losing not just material possessions but his very identity. Sounds more like the devil at work. (Hacking Attacks Rarely Made Public, Experts Say)
Under these circumstances the user of the Internet needs to be more careful, or rather should not divulge any of the private information that a site might seek. The best way is not to provide a site with any information unless the user has made a definite decision to have a business relationship with it. When just visiting sites where registration is required, the best thing to do is to cook up some information, as there is no obligation on the part of the user to provide truthful information. The Internet user today has to be very careful in divulging private information, and the cause of this is cookies. (Privacy on the Web)
References
Brain, Marshall. How Does Cookie Data Move? Retrieved at http://computer.howstuffworks.com/cookie2.htm. Accessed on March 15, 2005.
Brain, Marshall. How Do Web Sites Use Cookies? Retrieved at http://computer.howstuffworks.com/cookie3.htm. Accessed on March 15, 2005.
Brain, Marshall. Problems with Cookies. Retrieved at http://computer.howstuffworks.com/cookie5.htm. Accessed on March 15, 2005.
Brain, Marshall. Why the Fury Around Cookies? Retrieved at http://computer.howstuffworks.com/cookie6.htm. Accessed on March 15, 2005.
Cookie Fundamentals: The Unofficial Cookie FAQ. Retrieved at http://www.cookiecentral.com/faq/. Accessed on March 15, 2005.
Example of uses for cookies. Retrieved at http://www.webestilo.com/en/php/php13c.phtml. Accessed on March 15, 2005.
Hacking Attacks Rarely Made Public, Experts Say. February 18, 2005. Retrieved at http://www.cnn.com/2005/TECH/02/18/hacking.disclosure.reut/. Accessed on March 15, 2005.
Persistent client State Http Cookies. Retrieved at http://wp.netscape.com/newsref/std/cookie_spec.html. Accessed on March 15, 2005.
Privacy on the Web. Retrieved at http://www.shortcourses.com/how/privacy/privacy.htm. Accessed on March 15, 2005.