June 2002 Reader Challenge

Test Your Knowledge About Cookies

Congratulations to our June Challenge winners. Congratulations to Dan Bendig of Elmwood Park, New Jersey, who wins first prize, a copy of my book, "Admin911: Windows 2000 Registry." Second prize, a copy of "Admin911: Windows 2000 Group Policy," by Roger Jennings, goes to William M. Marquardt of Seattle, Washington.

Thanks to all of you for sending so many great answers (not just correct, but original and sometimes funny). Unfortunately, many wonderful answers arrived without addresses and telephone numbers, eliminating those people from the contest. Please read the rules. We can't send you a prize if we don't know where to send it. You must include your full name, street mailing address, city, state or province, and phone number.

The Problem:

I have a few friends who describe themselves as privacy freaks, and they go to a great deal of trouble to keep cookies out of their systems. These friends set tight parameters in Microsoft Internet Explorer (IE), and they run third-party software to defend against cookies. One friend told me he objects to cookies because, "Any Web site I visit can read the cookies, see where I've been, and see personal information I might have provided to a Web site." Another friend told me her daughter also logged on to their Windows XP computer, and if her daughter visited the same Web sites her mother did, she didn't want the Web sites to have access to the information in her mother's cookies. Both of these people run IE 6.0.

How much do you know about cookies? Here's a quiz to test your knowledge. You must answer all three questions correctly to win.

1. My friend who doesn't want any Web site to see cookies that contain personal information that was input on a different Web site doesn't have to worry. Why not?

2. My friend who doesn't want Web sites to read information from cookies associated with another user who logs on to the same computer doesn't have to worry. Why not?

3. There are two types of cookies; name them and explain the difference between them.

The Solution

Question 1:

The text string in the cookie must contain the domain name of the sending Web site, or the cookie won't be sent to (or accepted by) your browser. In addition, and more importantly, Web servers can read only cookies that contain the name of their own domain.

Question 2:

The username of the user currently logged on is part of a cookie's filename. So, if Jane visits Microsoft.com, the cookie filename is [email protected] When responding to a request from a Web site to read a cookie, Internet Explorer (IE) looks only at cookie files that contain the name of the user currently logged on.

Question 3:

This question has two possible answers, and I'll give both.

Most people think of the two types of cookies as persistent and temporary. Persistent cookies have an expiration date in the text, and they're saved to your hard drive. Temporary cookies (also called session cookies) have no expiration date in the text and are used to help you navigate through the Web. HTTP is a stateless protocol and can't manage the details of your travels, the links you've clicked (text links change color after you've used them), or other navigation information. Temporary cookies are removed when you close the browser.

However, it's also technically correct to classify cookies as first-party or third-party cookies. First-party cookies are from the site you're currently viewing in your browser. When the site sends a cookie, you know where it's from, and you know the site can read only cookies from its own domain. A third-party Web site also belongs to a domain (not the same domain as the first-party Web site) and also is restricted to sending or reading cookies that contain its own domain name. The Web page you're viewing contains a link to the third-party Web site, but unless you take the trouble to investigate, you don't even realize that a third-party Web site is present.

The most common example of a third-party Web site is a banner ad, which might look like (but isn't) a graphic that was inserted into the current Web page by the Web master. The banner is a link to another Web site on another domain. That domain can send and read its own cookies, which are third-party cookies. Third-party cookies can cause privacy problems if the third-party Web site is an advertising service that tracks all your cookies for all its advertising clients, resulting in a profile of your buying habits. At least one such company has been cited for selling that information to spammers and direct advertisers.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.