Netscrape's Cookies

Alex Strasheim cp at proust.suba.com
Thu Feb 15 03:02:10 PST 1996


> >>I'm curious if anyone knows which sites use/modify it.
> >AFAIK, the only site that uses it is *.netscape.com
> 
> That is not quite true.  There are other sites that use the cookies.  (It is
> not very common though...)

A good place to read about cookies is http://www.illuminatus.com/cookie;  
I think there are pointers to cgi/perl stuff that manipulates them.

Cookies are very helpful for database and commerce applications.  I'm 
using them for a crude online store, as a way to let the web server keep 
track of who has what in their shopping basket.  Another way to solve the 
same problem (letting the server store state information) is to put data 
in the urls.  (ie., when you sign in, you get a page back that's 
generated on the fly, and all the links in that page have a session id 
embedded in the urls.)

Preserving state information is useful, and as it's been pointed out here,
the cookie only contains information that came from the web server in the
first place -- I don't see coookies as a major threat to privacy.  You
could even argue the other side (somewhat unconvincingly), that cookies
let you put more applications under the netscape/ssl umbrella.  As the web
grows more robust, a secure web means having stuff like secure
communications between workstations and db servers, etc.  Cookies make it
easier to do db applications. 

But in general, I'd like to see netscape adopt a system that lets people
know when information is going to be transmitted to a remote site.  It's
easy to grab someone's email address by seting up a form with only hidden
fields and trick people into submitting it by mail by clicking on a
button.  The ftp problem has been discussed here before, and addressed by 
Netscape.

The best answer would probably be to use the kind of pop-up messages you 
get when you're going to submit a secure or insecure form.  "You're about 
to send a cookie back to a web server, continue or abandon?"  "You're 
about to send mail from a web page, do you want to do that?"  Give people 
the ability to turn the messages off -- that way functionality isn't 
impaired.







More information about the cypherpunks-legacy mailing list