ec2-3-215-16-238.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic

Mmmmm, cookies - Homer Simpson

Also one of the banes of the internet.
Do you turn them off, and have to type your info into every page, every time you visit, or leave them on, and suffer immense amounts of trash building up on your PC? - Tsunami (who leaves them on, and just empties the folder every once in a while)
No, you get a decent browser which allows you to say "Ask me about cookies, and only store ones I want".
Which isn't really sufficient, since pages that send cookies seem to like to send about fifty.  The best simple solution at the moment seems to be: "Only send cookies to and from the site (and subsites of) the URL I put into the address bad - nothing cross site - and even then, throw away all cookies on exit"  A better solution would be to just ignore cookies and wait for the problem to go away (which, if MS has its way it will - they already massively broke cookies once in IE6, they'll do it again and after a while we can forget this sordid chapter of the web's history)  Which is sorta a shame, since client side storage is reallly convenient.  If only it could be made safe.  (Says a somewhat hypocritical Vitenka whose site sends about 40 cookies, used purely to set the colour scheme element by element)
Your site better not use 40 cookies  - according to the spec a browser is only required to store 20 cookies per server (not per site or per page but per server). Trust me, I know whereof I speak.
Yah well - that's a stupid standard.  I don't think it's 20, but it's certainly a lot.  Mostly due to my bad coding, and it being easier to set multiple cookies in php3 than it was to combine them to one supercookie.  php4 fixed that, but isn't installed on that host.  --Vitenka (no one sues the colour function anyway)
See http://www.ietf.org/rfc/rfc2109 section 6.3 'at least 20 cookies per unique host or domain name'. So it doesn't have to store more than 20 to be RFC-compliant, and IE 5.5 doesn't.
"no one sues"? Typo, surely...
MaisOui, Obviously, should be uses.  But since in that configuration it is still true, I'll keep it.  --Vitenka
Oh, and the danger isn't cruft piling up (which is a pretty minor danger) - it's the fact that sites use them for tracking and other information.
Is that particularly bad? Why?
General dislike of privacy invasion.  Linking the various sites I visit together can create far too detailed a profile of me for my tastes.  --Vitenka (or of my tastes)

FYI, the wiki sets a cookie to store your identity and preferences during a session, if you have logged in. It could conceivably encode this information in the URL, but it'd be ugly. toothycat.net generates a lot of traffic/tracking info - some of it easily accessible by visitors (see that "recently used referrers" link down the bottom of the page?). We don't track people to other sites, though (except in a few places on the wiki where I count people following a particular link, out of curiosity; I stick a Count: prefix in to make it obvious what I'm doing..) which I suspect is what is being alluded to here. - MoonShadow
No - what is being alluded to here is having an element of the page (usually an image, provided by the advertisers who are the current worst offenders for this) but also an IFRAME or similar, which is hosted elsewhere.  That then issues you a cookie - and again on the next site you visit, and again and so on.  This is done either directly (having an image from the same server on the next site you visit) or through use of code bugs (primarily in java/javascript which often stays alive despite you moving to another site) 

Note, I don't login to toothy, purely through laziness.
In which case, if it ever attempts to set a cookie, it's a bug and I need to know ;) - MoonShadow


ec2-3-215-16-238.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic
Edit this page | View other revisions | Recently used referrers | List subpages
Last edited July 31, 2003 1:08 pm (viewing revision 14, which is the newest) (diff)