You want some Milk to go with those Cookies?
pageoneresults

Msg#: 3661753 posted 12:10 pm on May 29, 2008 (gmt 0)

In a recent Home Page topic started by jcoronella...

Flash Player Exploit discovered - initial confusion begins to clear
[webmasterworld.com...]

... there was a reference provided to the US-Cert site for securing your browser...

CERT on how to secure your browser:
[us-cert.gov...]

I decided to review the suggestions from the Government in securing my browser and followed their instructions to the "t". Right after I started IE back up and visited my first site, the changes were apparent. No Flash, no menus, pretty much barren of any functionality, bad website design, bad!

Since making those changes, I've pretty much reverted back to most of my previous settings which took years to fine tune and understand the ramifications if I allowed something or disallowed something. There is one setting that I haven't changed back yet and that is to Allow Cookies. I've been surfing with Cookies off and what an eye opening experience this has been. I know, I should know this and I do, that's why I have additional programs installed to keep my system cleaned regularly which includes the purging of Cookies that I've been eating during my last 24 to 48 hours.

What an annoying browsing experience when Cookies are turned off. I'm hitting sites that are dropping upwards of 10, 15 and 20+ Cookies, what the heck is that? I knew I was gaining a little weight but man, when you step on the scale and see the numbers! What happened out there? Why so many Cookies? And, how come you don't see many discussions about Cookies?

I'm on a mission this week. I'm going on a virtual diet. No more Cookies unless I absolutely have to. And even then, I better get some damn Milk with my Cookies!

 

jatar_k

Msg#: 3661753 posted 12:31 pm on May 29, 2008 (gmt 0)

I did the same and was blown away with how many sites are setting cookies for other sites

I also love the "you already have 20 cookies for this site" that comes up in the allow/deny box

digitalghost

Msg#: 3661753 posted 12:50 pm on May 29, 2008 (gmt 0)

Just a quick note for all you that are about to clear out your cookies and start denying them too. Make sure you have your password and login info handy. ;)

>>Why so many Cookies?

Hit a site with 5 ad carriers, get 5 cookies. I agree, it's nuts. I use Prefbar for Firefox to keep a handle on it, and still go in and clean out IE history, cookies, etc, even though I don't use IE.

After a particularly nasty bout with Zlob, I have Spyware Blaster and Spybot running in conjunction with my AV software. Prefbar allows me to turn access to things like Flash, JS Cookies, etc on and off with a single click. As well as delete cache and cookies with a click.

>>No more Cookies unless I absolutely have to

And since you're posting here, that's one cookie you had to eat. ;)

coopster

Msg#: 3661753 posted 3:24 pm on May 29, 2008 (gmt 0)

Google Analytics barfs up at least 4 every time you visit a site running GA. Sorry GA, no tracking me :-)

You get fast using your ESC key. I use Firefox for browsing and prompt for all cookies. For those sites I visit regularly I check the "remember" box and allow. Everything else I first make sure my checkbox hasn't been left "checked" from the last cookie prompt and start in with the ESC key. Pain? Only if the site is throwing up tens of them as you mentioned. If it gets too terribly bad I'll just hit ESC before the next cookie pops and stop the page load and move along.

I think the reason you haven't noticed this before, P1R is because you haven't been prompting for cookie permission/privacy. Cookies are an extremely useful tool so I only allow them on the sites I use regularly, or sites where I know I need to allow the cookie in order to continue. If it is a one time deal, I finish my time on the site and immediately pop into cookie management and remove the cookie (or only allow for session).

encyclo

Msg#: 3661753 posted 3:36 pm on May 29, 2008 (gmt 0)

If you're a Firefox user, try the Cookie Culler extension - I have it set up to have a few select cookies protected, and all others are wiped when I close my browser window.

>>Google Analytics barfs up at least 4 every time you visit a site running GA

GA slows down sites so much that I simply disallow them completely via Adblock - so no tracking for me either. ;)

pageoneresults

Msg#: 3661753 posted 5:39 pm on May 29, 2008 (gmt 0)

>>Google Analytics barfs up at least 4 every time you visit a site running GA.

Hmmm, I'm counting 8 to 12 for the new GA code.

I visited one of my favorite Blogs with the cookies off, yikes! After all the attempts from the blog itself, then I got to go through all the third party cookies. I believe there were close to 30? Last time I was involved in a Cookie discussion people were like, "dude, you're throwing three cookies at me". :)

So tell me, how accurate are web based tracking statistics? No, don't tell me!

Anyone here do Cookie Development? What exactly is involved? Is there such a thing as Cookie Management from the web development side? I mean, are Cookies dynamically served and personalized? Tell me more, I'm new to Cookies. :)

Can we discuss what goes into the making of a Cookie? And how they are baked?

We can skip all the Flour, Sugar, Butter jokes too!

phranque

Msg#: 3661753 posted 5:58 pm on May 29, 2008 (gmt 0)

cookies are set for a session or given a life and are only accessible by a domain and any subdomains.
simple keyword value pairs (plus domain and time).
any cookies that apply to the domain get sent by the user agent with the HTTP request.
you can check and act on any cookies server side.
then you create a new/modified set of cookies which gets returned with the HTTP response.
cookies are handled by the CGI standard.

digitalghost

Msg#: 3661753 posted 6:13 pm on May 29, 2008 (gmt 0)

>>What exactly is involved?

Cookies travel back and forth as an HTTP header. You can specify the value of the cookie, the name, expiration date, the domain and path it is valid for. Cookies are stored in browser memory, then sent to the drive so that the next time you fire up the browser your cookies are there.

If they expire, they are cleaned from your browser and your drive.

Content-type: text/html
Set-Cookie: chocolate=chip; path=/; expires=Friday, 30-May-2008 18:00:00 GMT

That would set a cookie named "chocolate" with a value of "chip" that expires tomorrow. The / allows the cookie to be valid for the whole site.

How you retrieve the value is up to you.

rocknbil

Msg#: 3661753 posted 4:24 pm on May 31, 2008 (gmt 0)

>>Content-type: text/html
>>Set-Cookie: chocolate=chip; path=/; expires=Friday, 30-May-2008 18:00:00 GMT

I'm pretty sure the cookie must be set before the content-type header, otherwise it will print at the top of your output. :-)

You can set cookies using either Javascript or your server side language.

print "Set-Cookie: chocolate=chip; path=/; expires=Friday, 30-May-2008 18:00:00 GMT\n";

Note SINGLE newline.

print "Content-type: text/html\n\n";

The double newline flushes the headers and begins output - so digitalghost's example may be perfectly valid. I'm just not used to doing it that way.

The above is what's called a persistent cookie. This is the type of cookie you're finding in your browser cookie jar. It is only persistent because it is in the full cookie format, including a VALID expiration date (believe me, that one can be a slippery character . . . )

Not to bear bad news - which it really isn't - but if the number of cookies being set by web sites bothers you, you might cringe at the number of non-persistent cookies that are being set that don't get stored (permanently, or until expire) in the jar:

print "Set-Cookie: chocolate=chip; path=/;\n";

A non-persistent cookie is a session cookie that expires as soon as the browser is closed. I love using this one - no mess, no fuss, but it precludes using it in an "auto log me in" or "save visitor settings" scheme.

I read that exact same document and man, I have to say, I could see about 100 points at which the "facts" can lead to paranoia for the general public. This means "COOKIES=BAD=DISABLE!" which makes my job soooo much more difficult.

What people don't seem to understand is the power of cookies is limited. While I'm sure there are some nefarious tactics by which they can be abused, for the most part, cookies are relatively harmless.

I think the most important thing for the average user to know about cookies is A cookie can only be set and get by the same domain. So if site A sets a cookie, site B cannot read it. This negates the largest paranoia of cookies, that they can unanimously "track user movements." *SEE EXCEPTION

An example where this is painfully obvious: you drop items into a shopping cart on http://yourdomain.com. The cookie sets a number to hook you up with your list of widgets stored in the database. When you go to checkout, which is now https://yourdomain.com, the non-SSL cookie cannot be read because you're on a new domain. So as a programmer you must send some token via post or get to re-set a new cookie on THAT domain to keep the two connected. This allows you to browse back and forth from SSL to non-SSL without a) losing track of your cart, or b) putting the entire site on https (the programmers for some sites apparently can't figure this out and actually do this.)

IMO people worry too much about cookies. I used to, until I realized their limitation and how useful they are. Far outweighs the bad.

*EXCEPTION: I do believe FireFox only accepts first party cookies, as described above (am I wrong anyone?) Internet Destroyer, however, will accept third party cookies, which is an opening for the thing everyone fears: tracking Internet movements.

If you display an ad on your site that is loaded by Javascript or the scripting of an external site, it's entirely possible that site may set a cookie on your browser. This is a third party cookie. So if you ever visit that site, they can read the cookie that was set on the original site. "Hey we can see you like other-site.com too!"

Why IE does this or allows it I'll never know. My settings for IE are always "accept first party cookies" and "block third party cookies."
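
An added example, not part of the thread: a small Python audit of the cookie mechanics covered in the two posts above (digitalghost's Set-Cookie header and rocknbil's persistent/session and first/third-party distinctions). Host names and cookie values are constructed, and the last-two-labels `site()` comparison is a simplifying assumption.

```python
from datetime import datetime, timezone

DATE_FORMATS = (
    "%A, %d-%b-%Y %H:%M:%S GMT",  # Netscape style, as in the thread's header
    "%a, %d %b %Y %H:%M:%S GMT",  # RFC 1123 style
)

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def expiry(attrs):
    """Return the expiry as a datetime, or None if absent or unparsable."""
    raw = attrs.get("expires", "")
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def site(host):
    """Last two labels of a host (assumption; browsers use the Public Suffix List)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def classify(page_host, response_host, header_value, now):
    """Label one cookie by lifetime and by party relative to the page."""
    name, _, attrs = parse_set_cookie(header_value)
    expires = expiry(attrs)
    if expires is None:
        lifetime = "session"  # gone when the browser closes
    else:
        lifetime = "persistent" if expires > now else "expired"
    owner = attrs.get("domain") or response_host
    party = "first" if site(owner) == site(page_host) else "third"
    return {"name": name, "lifetime": lifetime, "party": party}

# Constructed sample: (responding host, Set-Cookie value) for one page view.
OBSERVED = [
    ("www.example.com", "chocolate=chip; path=/; expires=Friday, 30-May-2008 18:00:00 GMT"),
    ("www.example.com", "cart=8841; path=/"),
    ("ads.adnetwork.example", "uid=abc123; path=/; expires=Sat, 30 May 2009 18:00:00 GMT"),
    # No "=" after expires: the attribute is not recognised, so a session cookie.
    ("www.example.com", "oatmeal=raisin; path=/; expires Friday, 30-May-2008 18:00:00 GMT"),
]

def audit(page_host, observed, now):
    return [classify(page_host, host, value, now) for host, value in observed]
```

Calling `audit("www.example.com", OBSERVED, now)` with `now` set to a timezone-aware UTC datetime returns one dict per cookie; the ad host's cookie is the only one labelled third-party.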

digitalghost

Msg#: 3661753 posted 10:20 pm on May 31, 2008 (gmt 0)

Ack. So much for my copy/paste skills.

outland88

Msg#: 3661753 posted 4:59 am on Jun 3, 2008 (gmt 0)

Want a site to pick up some cookies try Cutts' site. I've seen others much worse though.

incrediBILL

Msg#: 3661753 posted 6:29 am on Jun 3, 2008 (gmt 0)

>>I have additional programs installed to keep my system cleaned regularly which includes the purging of Cookies that I've been eating during my last 24 to 48 hours.

And it's people like you that rob those nice affiliates like Buckworks out of her hard earned affiliate money, tsk tsk.

the_nerd

Msg#: 3661753 posted 6:33 am on Jun 3, 2008 (gmt 0)

p1r,

in your starter post of this thread you mentioned a post regarding a flash exploit. But from then on all circles around the "normal" cookies.

I remember I read a thread here on WW about flash cookies that are set without any chance to avoid them - unless you get rid of flash. Has this problem been resolved in the meantime (by Adobe removing "this licence to spy") - or do we just close our eyes and instead discuss the relatively "mild" cookies that we could control if we wanted to?

thecoalman

Msg#: 3661753 posted 6:56 am on Jun 3, 2008 (gmt 0)

Blocking and managing cookies is one thing IE excels at out of the box and has for many years if you set it right.

First remove all cookies from all sites. Click: Tools>Internet Options>General Tab ..... Under the heading "Browser History" click the "delete" button. This will bring up a pane for selecting what you want to delete, click the "delete cookies" button. Click close

Click the "Privacy" tab, then click the advanced button. Put a check next to "override automatic cookie handling", select the option "block" under both "first party cookies" and "third party cookies". Putting a check next to "always allow session cookies" is optional. Click OK. Allowing session cookies will work until you close Internet Explorer which will delete them.

Now the good part... To allow trusted sites: when you load a page from a site with the above settings, if it tries to set a cookie and it's blocked there will be a little indicator down in the lower right next to the small globe and the word internet. Mouseover it and you'll get a title "Privacy Report". Double click this icon which will bring up a list of cookies that have been blocked. Right click the domain you want to allow and select "always accept cookies from this site". Done deal.

I don't use IE anymore but this is one feature I miss because it's so easy to use. I've been meaning to look at some FF extensions that look similar.

weeks

Msg#: 3661753 posted 12:39 pm on Jun 3, 2008 (gmt 0)

I use two browsers. One for when I'm Joe Consumer (I have to know what is going on in the real world, web-wise) and another browser set to "ask about cookies" for testing sites and watching who is downloading what on my machine.

Murdoch

Msg#: 3661753 posted 1:27 pm on Jun 3, 2008 (gmt 0)

If GA throws so many cookies at you and slows down sites so much, and page load times are now becoming a factor in ranking, then is it safe to say that removing GA from your sites and/or going with a different analytics provider will actually be BETTER for you?

If that's true then hey Google #*$!?

AlexK

Msg#: 3661753 posted 6:02 pm on Jun 3, 2008 (gmt 0)

rocknbil says:
*EXCEPTION: I do believe FireFox only accepts first party cookies, as described above (am I wrong anyone?) Internet Destroyer, however, will accept third party cookies, which is an opening for the thing everyone fears: tracking Internet movements.

Don't forget the iframe - behaves like a consulate in a foreign country, and allows 3rd party cookies because, for that patch of the browser screen space, it is actually a first-party cookie.

appi2

Msg#: 3661753 posted 6:31 pm on Jun 3, 2008 (gmt 0)

the nerd
Here be flash cookies.
C:\Documents and Settings\[userID]\Application Data\Macromedia\Flash Player\#SharedObjects\

And to kill them
Adobe Flash cookie manager [macromedia.com]

ddogg

Msg#: 3661753 posted 7:20 pm on Jun 3, 2008 (gmt 0)

You're probably surfing the internet with a tinfoil hat on too right?

People like you make my job of running an internet business a lot harder...

pageoneresults

Msg#: 3661753 posted 9:42 pm on Jun 3, 2008 (gmt 0)

>>You're probably surfing the internet with a tinfoil hat on too right?

You know, it's funny you should bring that up. I do a bit of "tin hat" stuff quite regularly. :)

>>People like you make my job of running an internet business a lot harder...

Only just recently. You've gotten me for the past 12+ years, time to let go. Comscore's data is just getting too accurate these days. :)

frontpage

Msg#: 3661753 posted 6:52 pm on Jun 6, 2008 (gmt 0)

We normally disable all cookies by default both personally and for our corporation computers. Additionally, we use NoScript and AdBlockPlus to make Firefox a safer and more enjoyable experience.

When we need cookies for a purchase or something actually beneficial to the end user (i.e. us), we will enable them and then delete them when the browser closes.
