Why Cookies Came to Be
Way back when in the dark ages of the Internet, people trying to build meaningful relationships with visitors to their site were stymied by the statelessness of HTTP. (HTTP is the protocol by which browsers request pages and information from servers, and by which servers deliver the pages and information back to the browsers asking for them). Stateless means there is no information about you or the "state" of your computer (and by state we're not necessarily talking happy/sad or working/broken, but anything that would give the Web server some context in which to respond). So technically, even if you just requested twenty pages in a row from a particular Web server, using a strict interpretation of HTTP, if you were to request a twenty-first page the server still wouldn't know you from Adam.
HTTP, in other words, is a pipe. A pipe that carries information, instructions, and directions. It can carry information that allows the Web server to personalize, but doesn't do any personalization itself. Asking HTTP to personalize information is akin to asking the mailman not to deliver bills on Tuesdays. (You can choose to not open bills on Tuesdays yourself, of course, but you can't stop them from being delivered.)
But of course Web servers know lots and lots about us, whether we want them to or not. We send information to Web servers through forms, query strings (the stuff you see appended to URLs, usually fronted by a "?"), and cookies. It's just that all that stuff is technically outside of HTTP's set of tasks; we use programs or technologies on the Web server to process information after it is passed along by HTTP.
The crucial difference between cookies and those other information-gathering techniques--and the reason they get many people in an uproar--is that the cookies themselves are stored on the user's computer. (With forms and query strings, the information being passed is created from the user's interactions within Web pages.)
Cookies get around the "statelessness" of the HTTP protocol by including additional information in the HTTP header, the packet of information your browser submits to a Web server to request a page. If you've been to a Web site before, and that Web site had deposited a cookie on your browser, the next time you visit that domain the cookie it sent you previously would be appended to your new page request. For all intents and purposes, a cookie can only be read by the domain which originally created it.
Cookies are usually used to identify unique visitors. They also store information that helps the Web server finish a transaction (especially for commerce), present additional information, authenticate users, etc.
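The exchange described above, as an added example that is not part of the original article: a toy server issues a cookie on the first request, and a toy browser sends it back only to the host that set it. The hosts shop.example and other.example, the cookie name visitor, and the functions makeServer, makeBrowser, and demo are assumptions made for illustration.

```javascript
// Server side: per-visitor state keyed by the id it handed out in a cookie.
function makeServer(host) {
  const visits = new Map(); // visitor id -> pages requested
  let nextId = 1; // constructed ids; a real server would issue unpredictable values
  return {
    host,
    handle(request) {
      // Parse "name=value; name2=value2" from the request's Cookie header.
      const cookies = Object.fromEntries(
        (request.headers["Cookie"] || "").split("; ").filter(Boolean)
          .map((p) => [p.slice(0, p.indexOf("=")), p.slice(p.indexOf("=") + 1)])
      );
      const headers = {};
      let id = cookies.visitor;
      if (!id || !visits.has(id)) { // no usable cookie: HTTP alone gives no state
        id = `${host.split(".")[0]}-${nextId++}`;
        headers["Set-Cookie"] = `visitor=${id}`;
        visits.set(id, 0);
      }
      visits.set(id, visits.get(id) + 1);
      return { headers, body: `visitor ${id}, page ${visits.get(id)}` };
    },
  };
}

// Browser side: stores cookies per host and returns them only to that host.
function makeBrowser() {
  const jar = new Map(); // host -> Map(cookie name -> value)
  return {
    get(server, path) {
      const stored = jar.get(server.host) || new Map();
      const headers = {};
      if (stored.size > 0) headers["Cookie"] = [...stored].map(([n, v]) => `${n}=${v}`).join("; ");
      const response = server.handle({ path, headers });
      const setCookie = response.headers["Set-Cookie"];
      if (setCookie) {
        const pair = setCookie.split(";")[0]; // cookie attributes ignored in this sketch
        stored.set(pair.slice(0, pair.indexOf("=")), pair.slice(pair.indexOf("=") + 1));
        jar.set(server.host, stored);
      }
      return { sent: headers, response };
    },
  };
}

// Two requests to one site, then one to an unrelated site (constructed hosts).
function demo() {
  const [shop, other] = [makeServer("shop.example"), makeServer("other.example")];
  const browser = makeBrowser();
  return [browser.get(shop, "/"), browser.get(shop, "/cart"), browser.get(other, "/")];
}
demo().forEach((r) => console.log(r.sent, r.response));
```

The second request carries the cookie and the server continues the page count; the third request, to a different host, carries no cookie and is treated as a new visitor.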
Cookies Crumbled
That's hardly all there is to cookies, but you can learn even more about cookies at:
- It Ain't All Cookies and Cream. By Marc Slayton of WebMonkey
- Internet Cookies and Privacy. By Web Street Studios as part of their "Web School", which discusses why cookies have raised privacy and security concerns and some ways around these problems.
- The Computer Incident Advisory Capacity Unit, which monitors computer problems for the U.S. Department of Energy, also issued a study on March 12, 1998, of the risks of cookies to users, titled "Information Bulletin 1-034: Internet Cookies". It not only gives an in-depth look at the problem but also has some very useful information and links, though it is somewhat technical.