The Great Cookie Debate - Part 1

By Don Watkins

A cookie is a small amount of data stored by your browser on your hard drive. It’s associated with a specific Web site, and unless you have cookie notification enabled, the transfer is automatic.

If you are using Internet Explorer, cookies are stored in the Cookies folder within the Windows folder. You can open that folder with Explorer. If you open your Temporary Internet Files folder you will also see the contents of \Windows\Cookies.

If you look inside the Cookies folder, you'll see some files with names that look like email addresses. For instance I have one called "don watkins@yahoo.com" which is, you guessed it, a cookie from Yahoo.

One function of this cookie is to determine that I’ve selected that messages be sorted by date in the forum message area. Thus, each time I come back I get the same view and don’t have to request a change in how messages are sorted each time I visit the page.

Cookies can be used to hold other information. For instance, I have several pages that I have personalized with a view that’s specific to my desires. The site could force me to log on with a user name and password every time, pull up my profile from its database and then display my preferred view, but by putting a cookie on my system it eliminates that login procedure.

Frankly, given the number of user names and passwords, I’ll take the cookie approach for sites that don’t require security.

On the other hand, I don’t want my online banking site to automatically recognize me simply because the site is accessed by my computer and thus allow anyone using my computer to access it. Ditto for an e-commerce site that allows you to execute a purchase order. I’ve never seen either type of site that didn’t require a login, and if I did, I would be uncomfortable about using them or at least I’d want more information on how the site keeps the information secure.

So cookies can be a very good thing and provide a more enjoyable and less hassle online experience. I can log into TV Guide, for instance, and it knows who I am and what area listing to show me.

Internet Basics
Let’s take a look at some Internet basics. If you’re using a dial-up connection when you connect with your Internet Service Provider (ISP), you are assigned an Internet protocol (IP) address from a range of IP addresses your ISP has assigned to them. Consider this in the context of your street address and the post office. Just like the mailman can’t deliver a letter without your street address, a Web site can’t deliver a Web page to you without knowing your IP address. It is the address of your computer on the Internet.

When you log in with your ISP, they use a service called DHCP (Dynamic Host Configuration Protocol) to assign the IP address from the block of IP addresses that the ISP has available to them. Even if you don’t close the connection the assignment isn’t necessarily permanent throughout your session, as DHCP uses the concept of a lease that a given IP address will be valid for your computer. The lease time can vary, depending on how the ISP has it set up. While it can change during a session, it probably won’t.

If you have a full time connection, such as cable or DSL, chances are you might have a static IP address--an IP address that doesn’t change. In fact, this is how Web sites are found. They have a permanent IP address which is associated with the site's name. A computer receives the address you type in, converts it to an IP address, and the Internet routes you to that site. If you have a static IP address, it is probably identified as part of a block of addresses that belong to your ISP rather than to you specifically.

There are services that will hide the IP address that your computer is using. You log on to your ISP, go to their site and they give you one of their IP addresses. Your activity is transmitted to them, they send it out to the Internet, its returned to their IP address and then relayed back to you.

I’ve tried a couple and the speed penalty seemed overmuch. Keep in mind that you must take all the hops and jumps to get to the site and then just as many to get to the site where you want to go. Each transaction has to do this and as best as I could tell it pretty much doubled the time it would normally take. Plus the service knows what you’re up to even if the remote site doesn’t.

What the Web site sees
When you arrive at a Web site the first bit of information it receives is your IP address. Of course, this information is absolutely necessary to sending back the page you request. This information is almost always recorded in the site log. In addition the Web site can detect the site you came from. For instance, if you located the Web site through a search engine and clicked a link to the site the referring site can be logged. I find this valuable as it tells me how people are finding the site.

The browser type and version is recorded. Again, this is valuable. If a very small number of users are using IE 3.0 then I might make a decision to add features only available to later versions.

The entry page is recorded. This is the first page you go to when you visit the site. The exit page is recorder. This is the last page you were on when you left the site.

Navigation through the site can be recorded. This is invaluable for me as it tells me what features are important/interesting and which aren’t getting any activity at all. It helps me focus on what people are interested in and helps me understanding how to present a more pleasing site.

The darker side of cookies?
There’s a lot of controversy about cookies in the Internet world. Next month, we’ll take that up and try to put everything in perspective so you can make an informed decision about when to accept cookies.

Until next month, best in computing.

Back to article index