Cookie-test

An example showing how to set and retrieve a cookie. There is a demonstration of this script at this page. Special thanks to Dale Bewley for this script; for more information about his additional scripts, please visit the Bewley.net Script Archive. Full information on cookies can be found at Cookie Central.

Package Contents:
cookie-test.pl
cookie-test.htm


The following marked-up information and script are by Dale Bewley. If you would like more information, please mail dlbewley@iupui.edu.


Description

A cookie is simply a small (up to 20 times 4k per domain) bit of info which servers can store in the client's browser. Look on your hard drive for a cookies.txt file. More cookie info.


User Configurable Variables

You may modify these variables to your heart's content. They are just meant as examples to help show how the subroutines work.

$expDate = "Wednesday, 09-Nov-99 00:00:00 GMT";
The cookie will last in the browser until this date, after which it is deleted.

$theDomain = ".engr.iupui.edu";
The browser will send a cookie if the domain and the path of the current URL match that which is in the cookie.

$path = "/cgi-bin/";
The browser will send a cookie if the domain and the path of the current URL match that which is in the cookie.

All about Cookies

State of mind

Since HTTP is a stateless protocol, meaning each transaction is distinct and there is no memory from one to the next, tracking a browser through a site can be difficult at best. A user could visit a site, leave, and come back a day or a minute later, possibly from a different IP address. The site maintainer previously had no way of knowing if this was the same browser or not. But now, there are cookies! ;)


Cookies are covert little things.

Cookies can provide a way to maintain stateful connections between client and server.

A cookie is a small chunk of data, given to you by a server and stored on your hard drive. It can be used to track your path through a web site and develop a profile of you for advertisers. Cookies can of course also be used for good things like shopping carts.


What size can Cookies be?

No, they can't fill up your hard drive. The cookie spec says that the client may only hold at most 300 cookies in its jar and that a server may only put 20 into it. A server can cheat on the 20 cookie limit by using a different domain for each set of 20. i.e. Set 20 with www.engr.iupui.edu, 20 more with .engr.iupui.edu, and 20 MORE with .iupui.edu. Once the jar fills up, the most senior ones are bumped out. Cookies can only be 4k apiece, so at most you may have 1.2 megs of your hard disk being used for a commercial site's cookie jar.

You can imagine huge corporations battling over your jar in a holy cookie war where Netscape.com tries to fill up your cookie jar and bump out all the Microsoft.com cookies you have and vice versa. But that would never happen. Would it?


Where they at?

During a browsing session Netscape stores your cookies in memory, but when you quit they go into a file called cookies.txt on semi normal systems. On a Macintosh the cookie jar is called MagicCookie and resides in the preferences folder.


How they work.

How you get them.

Cookies are passed to you in a Set-cookie: HTTP header with 5 possible fields separated by a semicolon and a space. The fields can be described as follows:

cookie-name=cookie-value;
The name and the value combine to form the 4k limit on a cookie.

expires=expiration-date;
At this date the cookie will be deleted from your jar automatically. The format is Wdy, DD-Mon-YYYY HH:MM:SS GMT

path=cookie-path;
Used to determine when a browser should show its cookies to the server. Hope mom ain't lookin!

domain=server-domain;
Again, used to determine when a browser should show a cookie to the server.

secure
Send the word "secure" at the end of a Set-cookie header and the cookie will only be sent back to the server over an https connection.
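The five fields assembled into one header line, as an added example that is not part of cookie-test.pl or of the original page. The subroutine names and the sample name and value are assumptions; the expiration field is written with the attribute name expires, as in Netscape's cookie specification, and the three configuration values are the ones listed above.

```perl
use strict;
use warnings;

# Percent-encode everything outside a conservative safe set, because
# semicolons, commas and whitespace delimit fields in the header.
# (Byte strings are assumed; wide characters would need UTF-8 encoding first.)
sub encode_value {
    my ($raw) = @_;
    (my $enc = $raw) =~ s/([^A-Za-z0-9_.-])/sprintf("%%%02X", ord($1))/ge;
    return $enc;
}

# Build the Set-Cookie line. Only name=value is mandatory; the other
# four fields are appended when the caller supplies them.
sub set_cookie_header {
    my (%c) = @_;
    my $pair = encode_value($c{name}) . "=" . encode_value($c{value});
    # Name and value together count against the 4k limit.
    die "cookie too large\n" if length($pair) > 4096;
    my @fields = ($pair);
    push @fields, "expires=$c{expires}" if defined $c{expires};
    push @fields, "path=$c{path}"       if defined $c{path};
    push @fields, "domain=$c{domain}"   if defined $c{domain};
    push @fields, "secure"              if $c{secure};
    return "Set-Cookie: " . join("; ", @fields);
}

# Configuration values from the page; the cookie name and value are constructed.
my $expDate   = "Wednesday, 09-Nov-99 00:00:00 GMT";
my $theDomain = ".engr.iupui.edu";
my $path      = "/cgi-bin/";

# A CGI script prints this line before the blank line that ends the headers.
print set_cookie_header(
    name    => "visitor",
    value   => "jane doe; id=42",   # the "; " must not survive unencoded
    expires => $expDate,
    path    => $path,
    domain  => $theDomain,
    secure  => 1,
), "\n";
```

Without the encoding step, the semicolon in the sample value would be read as a field separator and the rest of the value would be parsed as an attribute.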

How they get them.

Your browser will send a cookie to a server with its request for a document when that document matches the path and domain attribute of a cookie.

For example, if you have a cookie with a path of "/stuff" and a domain of ".netscape.com" then anytime you request a document from "netscape.com/stuff" your browser will send that cookie along with that request, where netscape.com may extract it from the environment variable HTTP_COOKIE.

See cookie-test.pl for an example.
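A simplified model of that send decision and of the server reading HTTP_COOKIE, as an added example that is not cookie-test.pl. The subroutine names, the cookie jar and the host library.iupui.edu are constructed for illustration; the three domain scopes are the ones named in the size discussion above.

```perl
use strict;
use warnings;

# Tail match on the domain, prefix match on the path, and "secure"
# cookies only over https.
sub should_send {
    my ($c, $host, $path, $https) = @_;
    my $domain = lc $c->{domain};
    $domain = ".$domain" unless $domain =~ /^\./;
    return 0 unless ("." . lc($host)) =~ /\Q$domain\E\z/;
    return 0 unless index($path, $c->{path}) == 0;
    return 0 if $c->{secure} && !$https;
    return 1;
}

# What the browser sends: the matching cookies as name=value pairs.
sub cookie_header {
    my ($jar, @req) = @_;
    return join "; ", map  { "$_->{name}=$_->{value}" }
                      grep { should_send($_, @req) } @$jar;
}

# Server side: split the HTTP_COOKIE environment variable back into pairs.
sub parse_http_cookie {
    my ($raw) = @_;
    my %got;
    for my $pair (split /;\s*/, $raw // "") {
        my ($n, $v) = split /=/, $pair, 2;
        $got{$n} = $v if defined $v;
    }
    return %got;
}

# Constructed jar: one cookie per domain scope, the middle one marked secure.
my @jar = (
    { name => "a", value => "1", domain => "www.engr.iupui.edu", path => "/cgi-bin/" },
    { name => "b", value => "2", domain => ".engr.iupui.edu", path => "/cgi-bin/", secure => 1 },
    { name => "c", value => "3", domain => ".iupui.edu", path => "/" },
);

# Constructed requests: host, path, and whether the connection is https.
for my $req (["www.engr.iupui.edu", "/cgi-bin/cookie-test.pl", 0],
             ["www.engr.iupui.edu", "/cgi-bin/cookie-test.pl", 1],
             ["library.iupui.edu",  "/index.html",             0]) {
    local $ENV{HTTP_COOKIE} = cookie_header(\@jar, @$req);
    my %seen = parse_http_cookie($ENV{HTTP_COOKIE});
    printf "%-20s %-25s https=%d -> %s\n", @$req, join(",", sort keys %seen);
}
```

The cookie scoped to .iupui.edu with path / is sent to every host under that domain, including the third request, while the secure cookie is withheld from the plain http request. A server that wants a cookie seen only by its own script should set the narrowest domain and path that work.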


Stopping Them

Here are a couple of tricks for keeping cookies out of your jar. Keep in mind that cookies are kept in memory (not on disk) during a session. They do not need to be written to disk for them to be useful to a server.

  • As of Netscape 3.0 you now have an option to be notified when a server gives you a cookie so you may reject it. The setting should be hiding under Options -> Network -> Protocols for some reason.

  • If you are highly enlightened and run Netscape on a UNIX platform then symlink .netscape/cookies.txt to /dev/null.

  • If you run an M$ OS type thing, attrib your cookies.txt file to read only.

  • If you enjoy mittens and use a Mac, grab Cookie Monster and he'll eat your cookies for you, each time you start your mac.


Script and documentation © 1996 Dale Bewley
Packaging and distribution Copyright © 1997 Cookie Central, All rights reserved.