### Overview

 By the end of this page you will be able to: Understand the role of cookies in a Web browser Understand the security implications of a cookie Describe the difference between an HTTP and a Flash cookie

## Introduction

When browsing the web most people will have encountered cookies. But;

• What are they?
• How to turn off cookie warning messages?

## How does a cookie work ?

"I basically equate cookies to the notion of a store being able to tattoo a barcode on your forehead, and then laser-scan you every time you come through the door." Simson Garfinkel "Wired" When a browser and a web server first meet, the Web server gives your browser a text file, the cookie. The cookies information is then shared and often updated on each return visit made to the Web server. Cookies are not necessarily site specific. In Geoff Palmer’s article in the October PC World (1998) he explains the Double-click cookie, which is used to track users’ movements between web sites, build a centralised profile of likes and dislikes and target advertising across numerous web sites.

## Security and privacy

Cartoon: A Hubbards cookie is actually a YCR!

• Increase network traffic. Each time a cookie is stored the cookie names and values are sent to the server. If you have 2000 users making 4 requests per minute, and have a 4kB cookie this give 32MB traffic per minute!
• Increases the time to service a request. The server must parse (unscramble) the cookie collection.
• Are machine dependent. i.e. are stored on the computer accessing the application.
• Are browser-dependent. If you have two browsers accessing the same application two sets of cookies are created.
• May disappear. Users can manually delete cookies, the machine can crash, or the user can rebuild the machine.
• Are user controlled. Users can set the browsers to reject cookies.

Response.cookies("UserId") = "Michael"

pgUserId = Request.Cookies("UserId")

The following excerpt is by Bill Detwiler (2010)[1] Flash cookies, or Local Shared Objects, generally serve the same tracking function as HTTP cookies, but with some significant differences.

• They can hold a lot more data, up to 100 Kilobytes, where a standard HTTP cookie is only 4 Kilobytes
• They have no default expiration date.
• They are stored in different locations on your machine so even if you go hunting for files with the .SOL extension, which Flash cookies use, you may have a hard time find them all.
• The security settings on your computer have no effect on them.

So, how can you see which sites have placed Flash cookies on your machine, and how do you control this behaviour? Annoyingly, both of these questions are answered using the Adobe Flash Player Settings Manager, which you must access through a Flash element on Adobe's Flash Player support Web site ( Adobe, 2010[2]).

### References

1. Detwiler, B. (2009) Video: Delete Flash cookies to protect online privacy. Retrieved January 21, 2010 from http://blogs.techrepublic.com.com/itdojo/?p=1424&tag=nl.e099.dl100120&tag=nl.e099
2. Flash Player: Settings Manager. Retrieved January 21, 2010 from http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
 VirtualMV/Internet and Web/Cookies. (2018). In WikiEducator/VirtualMV wiki. Retrieved October 19, 2018, from http://wikieducator.org/VirtualMV/Internet_and_Web/Cookies    (zotero)