A cookie is always associated with a specific domain. The browser will only return the cookie to that domain; no other site can request it. The domain does not have to be the same as that of the page that created the cookie, however.
Persistent cookies have an expiration date, after which they will be deleted; session cookies disappear when the browser is closed.
According to Security Space (October, 2007), about 27% of Web servers send cookies.
The following format can be used in the HTTP header to set a cookie on the browser's machine:
Set-Cookie: name=value; expires=date; path=path; domain=domainname; secure
name=value is the only required attribute of the cookie: name is the name of the cookie, and value is a string of characters. The format of the expires value is Wdy, DD-Mon-YYYY HH:MM:SS GMT. The default value of domain is the host name of the server. The path value specifies the subset of URLs in a domain for which the cookie is valid; the default value is the path of the document described in the HTTP header. If secure is included, the cookie will be sent back only to a secure (SSL) server. An example (taken from Google) is
Set-Cookie: PREF=ID=3ad3336f16f46902:LD=en:TM=1020177524:LM=1020177524:S=d5Bj1fRughE; domain=.google.ca; path=/; expires=Sun, 17-Jan-2038 19:14:07 GMT
When accessing a URL, the browser checks it against all cookies and, if any of them match, a line containing their names and values is included in the HTTP request, with Cookie in place of Set-Cookie; for example
Cookie: PREF=ID=1d8f58976d9d2204:TM=1020177794:LM=1020177794:S=JAZ052LRrQE
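The parsing and matching rules described above, as an added Python example that is not part of the original page: it parses a Set-Cookie line with the stated defaults, then decides whether the cookie goes back with a given request. The function names, the origin URL and the clock are assumptions made for the illustration; the domain check compares on a label boundary, as current browsers do, and the path check is a plain prefix match.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

def parse_set_cookie(header, request_url):
    """Parse a Set-Cookie line in the format above, filling in the stated defaults."""
    url = urlsplit(request_url)
    first, *attrs = [p.strip() for p in header.split(":", 1)[1].split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "secure": False, "expires": None,
              "domain": url.hostname, "host_only": True,   # default: the server's host name
              "path": url.path.rsplit("/", 1)[0] + "/"}    # default: the document's path
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.lower()
        if key == "secure":
            cookie["secure"] = True
        elif key == "path":
            cookie["path"] = val
        elif key == "domain":
            cookie["domain"], cookie["host_only"] = val.lstrip(".").lower(), False
        elif key == "expires":
            cookie["expires"] = datetime.strptime(
                val, "%a, %d-%b-%Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)
    return cookie

def should_send(cookie, url, now):
    """Decide whether the browser returns this cookie with a request for url."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    # Compare on a label boundary so "evilgoogle.ca" never matches "google.ca".
    domain_ok = host == cookie["domain"] or (
        not cookie["host_only"] and host.endswith("." + cookie["domain"]))
    path_ok = (u.path or "/").startswith(cookie["path"])
    secure_ok = u.scheme == "https" or not cookie["secure"]
    unexpired = cookie["expires"] is None or now < cookie["expires"]
    return domain_ok and path_ok and secure_ok and unexpired

def cookie_header(jar, url, now):
    """Build the request line: names and values only, no attributes."""
    pairs = [f"{c['name']}={c['value']}" for c in jar if should_send(c, url, now)]
    return "Cookie: " + "; ".join(pairs) if pairs else None

# Header copied from the page; the origin URL and the clock are constructed.
GOOGLE = ("Set-Cookie: PREF=ID=3ad3336f16f46902:LD=en:TM=1020177524:LM=1020177524:"
          "S=d5Bj1fRughE; domain=.google.ca; path=/; expires=Sun, 17-Jan-2038 19:14:07 GMT")
NOW = datetime(2007, 10, 1, tzinfo=timezone.utc)
JAR = [parse_set_cookie(GOOGLE, "http://www.google.ca/")]

if __name__ == "__main__":
    for target in ("http://www.google.ca/search", "http://evilgoogle.ca/", "http://www.google.com/"):
        print(target, "->", cookie_header(JAR, target, NOW))
```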
In Netscape Navigator and Firefox, cookies are stored in a file called cookies.txt. In Opera, they are stored in a file called cookies4.dat in the profile folder of the Opera folder in Program Files. In Internet Explorer they are stored in separate files in the cookies folder, which may be in the Windows folder or in a subfolder of Documents and Settings.
Some Web sites misuse cookies: they distribute them to other servers (such as DoubleClick) and use them to spam users or invade the users' privacy.
In Netscape Navigator, cookie preferences can be set in the "Privacy & Security" part (or, in earlier versions, in the "Advanced" part) of the "Preferences" dialog; in Firefox, under "Privacy" in the "Options" dialog; in Opera, under "Privacy" in the "Preferences" dialog; in Internet Explorer, at the "Privacy" tab of the "Internet Options" dialog (or, in earlier versions, in the "Security Settings" dialog, which is accessible with the "Custom Level" button at the "Security" tab).
Users may run software to clean out or control cookies; examples are HistoryKill, WebRoot Window Washer, Cookie Pal, ZDNet's Cookie Master, and Cookie Cruncher. Software, such as Ad-Aware and Spybot, designed to remove spyware and adware may flag cookies for removal.
Internet Explorer, Firefox, Opera, and Netscape Navigator all allow blocking of cookies by Web site. Internet Explorer, Firefox, and Netscape Navigator allow clearing of all cookies (Opera can be set to delete all new cookies on exit).
Internet Explorer 6 by default is set up to block cookies from sites that do not have proper P3P (Platform for Privacy Preferences) files installed. This setting is also available as an option in Netscape Navigator.