Web Cookies and
Issue: Campus Web Sites Using Persistent
Campus web sites are beginning to use
persistent cookies for important services. The usual purpose is
to preserve "login" session state. This is unnecessary
and dangerous. Non-persistent cookies can be used anywhere
persistent cookies can be used.
Use and accept only non-persistent cookies for
login session management. Servers that need to remember user preferences
can do so as part of their stored login information not cookies.
A web server can store data on your computer and retrieve it later using a token called a "cookie".
This feature is controversial because it can both provide nice
features while web browsing and can be used to invade your privacy
and even compromise your computer.
Cookies are often used to capture
data about your online behavior, and only sometimes for personalizing a site according to
your preferences. Cookies can also be placed by and later used
by installer programs, viruses and Trojans.
Persistent cookies are stored on your computer hard
disk. They stay on your hard disk and can be accessed by web
servers until they are deleted or have expired. Persistent
cookies are not affected by your browser setting that deletes
temporary files when you close your browser.
Non-persistent cookies are saved only while your web
browser is running. They can be used by a web server only
until you close your browser. They are not saved on your disk.
Microsoft Internet Explorer and other browsers can be configured to
accept non-persistent cookies but reject persistent cookies.
Non-persistent cookies are also called session cookies.
The following is a simple test of cookies. It sets a series
values, "TestCookie*", and allows you to check their
Demonstration and Test
Each browser and each version of a browser have different
configurations options and behaviors relating to cookies and
A trend in browsers (and in personal
security software) is to selectively allow or block cookies on a
case-by-case or a per-server basis. This is a useful feature,
but it is hard for a non-expert user to know for sure when to allow
cookies. These features currently do not tell if the cookie is
persistent or non-persistent. Site administrators could make
use of this feature to allow certain campus sites and block others,
but this would only work if the browser settings are locked-down so
that the end-user cannot change them.
- A cookie can be set in your computer by an image file in a
web-enabled email program, then read later by other web
sites. This can be used to track your use and other
- A cookie can be stored on your computer by any executing program
such as an installer, virus, or Trojan. Such a program can
access anything on your computer and deliver it later to a web
site you visit (such as for help pages or on-line registration).
06 Nov 2011 14:36:28 -0800