Does anyone have a detailed understanding of how cookies work? I've read Netscape's explanation of the protocol, but I still have some questions. -Declan
At 12:23 PM -0700 8/6/97, Declan McCullagh wrote:
Does anyone have a detailed understanding of how cookies work? I've read Netscape's explanation of the protocol, but I still have some questions.
-Declan
The July issue of Internet World, "Baking Your Own Cookies," contains a good introduction into some of the details. --Steve
Thanks for the help, folks. This is for an article on privacy I was working on, and I found the info I needed. For instance, Netscape's explanation of the protocol left me wondering about whether cookies from acme.com could be requested by competitor.com. I ended up talking to some Netscape engineers, who were as puzzled as I was by where the term "cookie" came from. But I found it in the good ol' Jargon File... -Declan On Thu, 7 Aug 1997, Steve Schear wrote:
At 12:23 PM -0700 8/6/97, Declan McCullagh wrote:
Does anyone have a detailed understanding of how cookies work? I've read Netscape's explanation of the protocol, but I still have some questions.
-Declan
The July issue of Internet World, "Baking Your Own Cookies," contains a good introduction into some of the details.
--Steve
Declan McCullagh <declan@well.com> writes:
Thanks for the help, folks. This is for an article on privacy I was working on, and I found the info I needed. For instance, Netscape's explanation of the protocol left me wondering about whether cookies from acme.com could be requested by competitor.com. The answer is YES, although it requires a little work.
Suppose that you point your browser at http://www.A.com/index.html. Suppose that file contains an <img src="http://www.B.com/X.cgi">. The CGI file displays a little picture, and also gets or sets a cookie. Suppose you next browse http://www.C.com/index.html, and it too contains the same <img src...>. Since the cookie is "owned" by B.com, not A.com or C.com, the cgi file can track your movement from A.Com to B.Com. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
I believe this is what the folks at Netscape tried to eliminate in 4.0, which I'm told features four cookie settings. One rejects "third party cookies." -Declan On Thu, 7 Aug 1997, Dr.Dimitri Vulis KOTM wrote:
Declan McCullagh <declan@well.com> writes:
Thanks for the help, folks. This is for an article on privacy I was working on, and I found the info I needed. For instance, Netscape's explanation of the protocol left me wondering about whether cookies from acme.com could be requested by competitor.com. The answer is YES, although it requires a little work.
Suppose that you point your browser at http://www.A.com/index.html.
Suppose that file contains an <img src="http://www.B.com/X.cgi">. The CGI file displays a little picture, and also gets or sets a cookie.
Suppose you next browse http://www.C.com/index.html, and it too contains the same <img src...>. Since the cookie is "owned" by B.com, not A.com or C.com, the cgi file can track your movement from A.Com to B.Com.
---
Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Declan McCullagh <declan@pathfinder.com> writes:
I believe this is what the folks at Netscape tried to eliminate in 4.0, which I'm told features four cookie settings. One rejects "third party cookies."
Blessed are those who believe. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
Declan McCullagh <declan@pathfinder.com> writes:
I believe this is what the folks at Netscape tried to eliminate in 4.0, which I'm told features four cookie settings. One rejects "third party cookies."
Blessed are those who believe.
And for those who don't believe there is always Read Only for Cookies.txt. PHM
"Paul H. Merrill" <paulmerrill@acm.org> writes:
Dr.Dimitri Vulis KOTM wrote:
Declan McCullagh <declan@pathfinder.com> writes:
I believe this is what the folks at Netscape tried to eliminate in 4.0, which I'm told features four cookie settings. One rejects "third party cookies."
Blessed are those who believe.
And for those who don't believe there is always Read Only for Cookies.txt.
This won't save cookies to disk, but won't they be around for the duration of one session? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
"Paul H. Merrill" <paulmerrill@acm.org> writes:
Dr.Dimitri Vulis KOTM wrote:
Declan McCullagh <declan@pathfinder.com> writes:
I believe this is what the folks at Netscape tried to eliminate in 4.0, which I'm told features four cookie settings. One rejects "third party cookies."
Blessed are those who believe.
And for those who don't believe there is always Read Only for Cookies.txt.
This won't save cookies to disk, but won't they be around for the duration of one session?
True, true, but the belief level needed is low and the hysterical data aspects are gone even if you are still tracking mud around from the "current" walkabout. PHM
participants (5)
-
Declan McCullagh -
Declan McCullagh -
dlv@bwalk.dm.com -
Paul H. Merrill -
Steve Schear