Re: LYNX-DEV Cookies
From: Jim Dennis
Subject: Re: LYNX-DEV Cookies
Date: Mon, 30 Jun 1997 00:34:13 -0700

> Dear Ladies and Gentlemen,
>
> Given the previous discussion about cookies, could someone explain to me
> (or point out a topic in help, URL, etc.) just what ARE cookies?

Search the Netscape web site.

Here's an independent answer courtesy of "The Answer Guy" (Linux
Gazette's nickname for me):

In programming terminology -- specifically in
discussions of networking protocols (such as
HTTP and X Windows) a "cookie" is an arbitrary
data token issued by a server to a client for
purposes of maintaining state or providing
identification.

Specifically "Netscape HTTP Cookies" are an
extension to the HTTP protocol (implemented
by Netscape and proposed to the IETF and the W3
Consortium for incorporation into the related
standards specifications).

HTTP is a "stateless" and protocol. When your browser
initiates a connection and requests a document, binary
or header, the server has no way of distinguishing your
request from any other request from your host (it doesn't
know if you're coming from a single-user workstation, or
a multi-user Unix (or VMS, MVS, MPE, or whatever) host --
or if the IP address that it sees as the source for this
request is some sort of proxy host or gateway (such as
those run by CompuServe and AOL)).

Netscape cookies are an attempt to add and maintain state
between your browser and one or more servers. Basically
on your initial connection to a "cookie generating" site
your browser is asked for a relevant cookie -- since this
is your initial connection there isn't one -- so the server
proffers one to your browser (which will accept it unless
it's not capable of them, or some option has been enabled
to prevent it or prompt you or something like that). From
then on all other parts of that site (and possibly other
hosts in that domain) can request your cookie and the site's
administrators can sort of track your access and progress
through the site.

The main advantage to the site is for gathering marketing
statistics. They can track which versions of a web page
lead to increased traffic to linked pages and they can
get some idea how many new and repeat visits they're getting.
(Like most marketing efforts at statistics there are major
flaws with the model -- but the results are valid enough
for marketdroids).

There are several disadvantages -- including significant
privacy concerns. There are several tools available
to limit the retention and use of cookies by your browser
(even if you're using Netscape Navigator). PGP Inc
(the cryptography company) has a link on their site to
one called "cookie cutter" (or something like that).

About the only advantage to some users is that some
sites *might* use cookies to help you skip parts of the
site that you've already seen or *might* allow you to
avoid filling in forms that you've already filled out.

Personally I think cookies are a poorly chosen way to
do this -- client-side certificates (a feature of
SSL v. 3.x) are a much cleaner method (it allows the user
to get and maintain cryptographically strong "certificates"
which can be presented to specific servers on demand --
this exchange of certificates involves cryptographic
authentication in both directions -- so your browser
knows it isn't authenticating to some bogus imposter
of a server -- and the server knows that your certificate
isn't forged).

SSL client certificates allow you to establish accounts
at a web site and securely interact with that site.
Cookies can't do that. In addition many people have a
vague notion that "cookies" were "snuck in" under them
-- so they have a well-deserved "bad press."

> Sincerely,
> Michael Sokolov
--
Jim Dennis, address@hidden
Proprietor, address@hidden
Starshine Technical Services http://www.starshine.org
PGP 1024/2ABF03B1 Jim Dennis <address@hidden>
Key fingerprint = 2524E3FEF0922A84 A27BDEDB38EBB95A
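
Added example, not part of Jim Dennis's message or of Lynx's code: a minimal client-side cookie jar in Python showing the exchange the message describes, including how a `domain=` attribute lets other hosts in the same domain receive the cookie. In the Netscape scheme the server sends a `Set-Cookie` response header and the browser returns matching cookies in a `Cookie` request header; the function and class names here are illustrative, and any hostnames or values passed in are constructed samples.

```python
# Minimal Netscape-style cookie jar (client side); expiry is not handled.

def parse_set_cookie(header, request_host, request_path="/"):
    """Turn one Set-Cookie header value into a cookie record."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name, "value": value, "domain": request_host.lower(),
              "path": request_path, "secure": False, "host_only": True}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            # domain=.shop.example widens the cookie to every host under it
            cookie["domain"] = val.lower().lstrip(".")
            cookie["host_only"] = False
        elif key == "path" and val:
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def domain_matches(cookie, host):
    """Exact match for host-only cookies, tail match for domain cookies."""
    host = host.lower()
    if cookie["host_only"]:
        return host == cookie["domain"]
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

class CookieJar:
    def __init__(self):
        self.cookies = []

    def store(self, header, request_host, request_path="/"):
        """Accept a cookie only if the setting host falls inside its domain."""
        new = parse_set_cookie(header, request_host, request_path)
        if not domain_matches(new, request_host):
            return False
        ident = (new["name"], new["domain"], new["path"])
        self.cookies = [c for c in self.cookies
                        if (c["name"], c["domain"], c["path"]) != ident]
        self.cookies.append(new)
        return True

    def cookie_header(self, host, path="/", https=False):
        """Build the Cookie request header value for this host and path."""
        return "; ".join(
            f'{c["name"]}={c["value"]}' for c in self.cookies
            if domain_matches(c, host) and path.startswith(c["path"])
            and (https or not c["secure"]))
```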