Why does my computer keep asking me if I want to save a "Cookie"? What is a cookie?

Think of a cookie as a sort of registration form that you sign when you enter a club. The club learns information about you, and upon your return, the club will cater its services to your needs, as specified in your registration form.

A cookie works the same way. It stores information on your computer that the Web site which sends the cookie wants to store. The information can be any number of things, either provided by the server or by the user. For instance, a cookie can be used to store the contents of a virtual shopping cart while the user is shopping in a web site. Or, it could be the information that a user provides on a registration form. That information could then be used to dynamically generate a site that is catered to that person's interests as described in the registration form.

But why does the browser need to store a cookie? Web browsers use HTTP connections, which by their nature are "stateless." Stateless means that once a connection is ended, such as when the browser is finished downloading an HTML page, no information about the request for that page or anything else is retained by either the server(except for logging that the server actually sent a web page to a certain IP address), or the web browser(with the exception of the browser's cache file). So how then would a shopping program remember what the shopper was ordering if they order from more than one page? Either through the use of a CGI script that creates a user cart, or through storing a cookie and then retreiving that cookie when it is called for.

Should you accept cookies? Isn't that insecure? The Netscape Privacy FAQ states that "cookies cannot be used to gather sensitive information such as the fields in a Netscape preference file." They cannot be used to gather any information that the user does not provide, and as they are stored on the user's hard drive, are not available publicly on the Internet. Cookies only stay on your hard drive for a limited amount of time. Either the programmer specifies a date the cookie will expire on, or if no date is set, the cookie is deleted when the user quits his browser. Only the server that sends the cookie can read that cookie, so security is not in jeapordy. You can set your browser to warn you everytime a cookie is going to be stored, and if you do not wish to accept it, you don't have to.

The U.S. Department of Energy has determined that the vulnerability of systems to be damaged or snooped by web browser cookies is essentially nonexistent. Cookies can only tell a web server if you have been there before and can pass short bits of information (such as a user number) from the web server back to itself the next time you visit. Most cookies last only until you quit your browser and then they are destroyed.