1998-01-25 - Re: Tossing your cookies [Re: Why no “Banner Ad Eaters”?]

Header Data

From: Alan Olsen <alan@clueserver.org>
To: Jim Gillogly <jim@acm.org>
Message Hash: 48ba3a85a182914afc1bf73dd681d146f97fc0888638adc2165e27f6b6658ec2
Message ID: <3.0.5.32.19980125110902.03834b80@clueserver.org>
Reply To: <md5:CEDBAC6CF351AB65AB53DEAC6B3C5702>
UTC Datetime: 1998-01-25 19:18:48 UTC
Raw Date: Mon, 26 Jan 1998 03:18:48 +0800

Raw message

From: Alan Olsen <alan@clueserver.org>
Date: Mon, 26 Jan 1998 03:18:48 +0800
To: Jim Gillogly <jim@acm.org>
Subject: Re: Tossing your cookies [Re: Why no "Banner Ad Eaters"?]
In-Reply-To: <md5:CEDBAC6CF351AB65AB53DEAC6B3C5702>
Message-ID: <3.0.5.32.19980125110902.03834b80@clueserver.org>
MIME-Version: 1.0
Content-Type: text/plain



At 09:16 AM 1/25/98 -0800, Jim Gillogly wrote:
>
>Heinz-Juergen Keller skribis:
>> Just a silly? question on cookies:
>> What will happen if I just link cookies.txt to /dev/null ?
>> Is there anything speaking against this solution?
>
>Works fine on Unix and Linux systems if you're not a cookie fan:
>the remote sites think you've eaten their cookies, but you've
>merely frisbeed them into the bit bin.
>
>It's better than telling Netscape you want to be asked: some
>sites set a dozen cookies per hit, seems like, and saying "no"
>to each gets immediately tedious.  If you tell Netscape to reject
>them, some sites won't serve you the content.  Setting the browser
>to accept everything and linking cookies.txt to /dev/null works
>well for me.

You can also make the cookie.txt file read only.

Both of these options only make the cookies valid for the current session.
They do not make them go away all together.

Some of the site that cookie bomb do so out of ignorance.  Old versions of
Apache have such cookie bombing set by default.  (They changed the name of
the option soon after.  The option was originally called "Mod_cookies" and
people left it figuring that if they disabled it, they could not use
cookies.  Actually it is a method for tracking usage patterns within a
site.  The module was renamed to reflect that.)  

I am willing to bet that most of the sites that send cookies are not even
using the data they provide.  Few log file crunchers can make use of the
cookie data from user tracking in any worthwhile manner. Any company that
relies on cookies to hold onto membership information is foolish. (Cookie
files only hold 300 entries.  Surf enough and the membership infomation
gets washed away with the tide.)  Cookies are not needed for storefronts.
There are better ways to accomplish the same thing. (There are CGI
storefronts that save the information on files on the server, for instance.)

I can understand why cookies were thought up in the first place.  Much of
cgi programming is overcoming the stateless nature of http.  Unfortunatly,
the idea was not thought out that well...

---
|              "That'll make it hot for them!" - Guy Grand               |
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l alano@teleport.com` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.ctrl-alt-del.com/~alan/       |alan@ctrl-alt-del.com|






Thread