|
Creating a cookie value
Retrieving a cookie value
Clearing a cookie value
Detecting if cookies are accepted
Compact Privacy Policies and IE6
Creating a Cookie Value
Creating a cookie generally involves duplicating the HTTP cookie header
in some fashion so that the browser will store the name-value pair in
memory. Some languages expect an exact HTTP header to be sent, while
others will use built-in functions to help you speed the process along.
Cookies can be set from the browser-side or from the server-side. The
determining factor will be the language you use to create the cookie.
Once the cookie is created, it should flow easily from server to client
and back via the HTTP headers.
There are limits on the contents of both the cookie string and the
cookie file. These limits are partially imposed by HTTP and partially by
arbitrary choice. They are as follows:
- You CANNOT set Cookies for domains other than those that your
response originates from. That is, a page on www.myserver.com can
set a Cookie for myserver.com and www.myserver.com, but NOT
www.yourserver.com.
- The cookie HTTP header must be no more than 4K in size.
Note that this applies to cookies while they are in
memory or stored in the cookies.txt file.
[Back to Top]
Retrieving a Cookie Value
For the most part, retrieving cookies does not require reading the HTTP
Cookie: header. Most languages read this header for you and make it
accessible through a variable or object.
Cookies can be read on the browser side or the server side. Again, the
determining factor is the language used.
The main limit on retrieving a cookie is that you can only retrieve
cookies that are valid for the document your script resides in. That is,
a script on www.myserver.com cannot read cookies from www.yourserver.com.
This is also true for subdirectories within your site. A cookie valid
for /dirOne cannot be read by a script in /dirTwo. This is mainly
governed on the browser side, as browsers know the URL that they are
accessing, and only transmit cookies for that server across the
connection.
[Back to Top]
Clearing a Cookie Value
When programming a Web site, there are many reasons that you may need to
erase a cookie you have created. Often it is because the cookie is no
longer needed, or the scheme of your cookie has been altered, and
requires resetting.
The two main steps to clearing a cookie you have created are:
- Set the cookie's value to null.
- Set the cookie's expiration date to some time in the past.
The reason you must do both is that simply setting
the expiration to a past time will not change it's value until the
browser is closed. That is, all cookie names, values, expirations, etc
are resolved once the browser program has been closed. Setting the
cookie to null allows you to properly test for the cookie until that
resolution.
[Back to Top]
Detecting if cookies are
accepted
To properly detect if a cookie is being accepted via the server, the
cookie needs to be set on one HTTP request and read back in another.
This cannot be accomplished within 1 request. When using PERL or ASP,
try to funnel your visitors through a common page where you can set a
test cookie. Then, when the time comes to detect, check for that cookie.
If you use client-side languages to set a cookie, you can set and read
on the same page. Cookies set by JavaScript or VBScript reside in the
browser's memory already, so you will know if they have been accepted
right away. Check by setting a test value, and then try to read that
value back out of the cookie. If the value still exists, the cookie was
accepted.
[Back to Top]
Compact Privacy Policies and IE6
In 1998, the W3C started drafting a proposal for a Platform for Privacy
Preferences (P3P). P3P has 3 main goals (courtesy of the W3C):
- To inform a user agent of a site's data collection and privacy
practices.
- To allow a user agent and service to automatically negotiate and
to come to an agreement satisfactory to both parties; alternatively,
for the user agent to notify the user and take instruction
concerning proposed data exchanges from the user.
- To exchange data when such exchange is authorized by the user and
consistent with a user's preferences and any outstanding agreement.
Now an official specification, P3Ps use an XML file
to describe in as much detail as possible how a web site uses personal
data during and after a user's session. This can include the intended
usage of cookies to hold or refer to such information.
Alternatively, a site can create a P3P policy that refers solely to its
cookie use. These Compact Privacy Policies are a focal point in
Microsoft's new strategy in addressing the cookie "problem."
Users of Internet Explorer 6 can set their Privacy preferences based
upon whether the target site has a Privacy Policy or not. If a site does
not have a policy, its cookies may be automatically rejected by IE, and
the user will see an icon on the status bar indicating a conflict with
the user's privacy preferences.
P3P may have a broad impact on cookies and their future use. Especially
in the context of advertising and commerce. Even though compact policies
are essentially straightforward to create, users still stand to regain a
great deal of control over their browser's communications.
[Back to Top]
Copyright ©1997-2002
David Whalen. This document is provided "as is" without any
guarantees or warranty. Although the author has attempted to find and
correct any errors or mistakes he, and everyone who contributed to it,
are not responsible for any damage or losses of any kind caused by the
use or misuse of information in this FAQ. The author is under no
obligation to provide service, corrections, or upgrades to this FAQ.
The following is legal information and refers to all the information in
this document. This information pertains to all use of the FAQ
worldwide. All specific names included in the package are registered
trademarks and are hereby acknowledged. Any other trademarks not
mentioned in the FAQ are still hypothetically acknowledged.
No portion of the document may be separated and distributed
separately without the written permission of the author, David Whalen.
The document can not be included in any publication, such as, but not
limited to: magazines, books, newspapers or newsletters, without the
written permission of the author. The document can not be
included in any software compilation using media such as, but not
limited to: CD-ROM, tape backup, optical disks, hard disks or memory
cards, without the written permission of the author. The document
can not be recompiled, modified or not, and distributed without the
written permission of the author. Visitors are encouraged to send
submissions and error fixes to the author, but the author is in no way
obliged to utilize these enhancements or fixes. In the event of
ambiguity or omission within this notice, all rights and ownership are
retained by the author.
|
