Guide Map | Translate | Search | E-mail me

The Web Hikers guide to
Outpost Firewall

Home > FAQ > Cookies

Presentation

About Presentation

Home
Installing Outpost
The Outpost GUI
Miscellany
FAQ
- ActiveX
- Cookies
- The Host File
- Java
- JavaScript
- Protocols
- Ports & Services
- The Internet
- Trojans (Trojan Horses)
- VB Script
- Web Bugs
Rules
Outpost Links
About this guide

Glossary

ActiveX
Cookie
Driver
FAQ
Firewall
GUI
Java
JavaScript
Ports
Protocols

About Glossary

Cookies

Bottom

Get that image of your favourite biscuit out of your mind! That's the wrong type of Cookie, the Cookies Outpost blocks are the digital kind, and some of them don't taste that sweet.

What are Cookies?

They were created for personalizing web pages based on a users preferences or storing a list of items you have added to your shopping cart at an on-line store, these are legitimate uses of Cookies but many sites set cookies under the guise of 'enhancing your browsing experience', basically this means they set a Cookie that tracks your every move on the Internet and pass this information to Ad servers who then use up your bandwidth by downloading adverts related to the kind of sites you visit. For example, if you visit an online Casino you may well have noticed that all the adverts you see wherever you go after that are advertising on-line Casinos or if you visit Amazon most of the ads you will see are for books, CDs, etc.

What's in a Cookie?

Well it's not Chocolate Chips. Cookies are constructed of several elements:

The Cookies name
Its value
When it expires
Path to what set the cookie (usually a web page)
The domain that the cookie belongs to
Lastly there is security information

Name and Value

The last four parts are optional, all that is needed in a cookie is it's name and value. In fact it's compulsory that a cookie has a Name and a Value mainly because not having a Value or any way to reference the Cookie in the future kind of defeats the object of storing information, which is what Cookies are for.

The Name exists so that the Cookie can be referenced by the server that set it at a later date, while the Value is the actual information part of the Cookie. The Value can be anything form how many e-mail's you want displayed per page at Hotmail to the web sites you have visited that session. The value itself is just a primitive string.

Expiration Date

If a cookie is created without an Expiration date it is only stored in your browsers memory, you may have heard of these before being referred to as 'session only' Cookies, meaning that they stay in your memory and are lost when you close your browser. If they have an Expiration date they can last for years (these are written to your hard disc for future reference by servers). The actual duration they are stored for is based on the Expiration date.

Path

The Path part exists because like your hard drive, web sites are stored in different folders. This page your viewing now can be found in a folder called FAQ, which is in turn inside a directory called Guide. Cookies are not just restricted to a domain they are also restricted to the path that set them. So if this page were to set a Cookie only pages in the directory /Guide/FAQ (or any sub-directories in FAQ) would be able to access the Cookie. A page in /Guide wouldn't be able to access the Cookie set by this page.

Why is this the case? Well it's for partly for security reasons and also to stop one web site over writing a Cookie of another web site that happened to have created a Cookie with the same Name. For example, lots of hosting companies give away or sell space to people on the same domain, imagine that a host sells space to three different people: Gerard, Anastasia, and Douglas. The paths to their web sites would be www.domain.com/hosted/Gerard, www.domain.com/hosted/Anastasia, and www.domain.com/hosted/Douglas.

If it didn't matter what path the Cookies came from then any Cookies that were set by Gerard's page could be viewed by Anastasia's or Douglas's web page. Obviously this is not very desirable. Also Anastasia may create a cookie called My Sites Cookie, and if Douglas had done the same when someone visited the sites Anastasia's Cookie would be written over by Douglas's and vice versa

Domain

This is used to allow sub-domains to all use a particular Cookie, most of the time the Domain isn't set as Cookies won't need to be read across sub-domains. For example, if a cookie is set by douglas.mydomain.com then it's unlikely that anastasia.mydomain.com would need to access cookies set by douglas.mydomain.com so Douglas doesn't specify a domain when he creates a Cookie. As no domain was specified it automatically can only be accessed by his domian. But if a Cookie does need reading across sub-domains it can be specified in the Domain part of the Cookie.

Security

The Secure part of the Cookie is a true or false value. If it is true (i.e. Yes) then only a web site using a secure server (HTTPS) can access that cookie. So a Cookie set by NatWest bank using the HTTPS application level protocol couldn't be accessed by NatWest if you visited using the HTTP protocol.

Where are these Cookies stored then?

It depends on what your browser is. Netscape/Mozilla store there Cookies in a file called cookie.txt in your profile directory. IE stores them in a folder called Cookies (search for this, there is one for each user).

Is it dangerous to for my computer to store cookies?

NO. At least not from the point of view of your hardware. Cookies can't access your hard drive to delete/move files, or do anything malicious. However they can contain information you might not want others to see, with or without your consent. Fortunately Outpost blocks Cookies for you making it easy for you to restrict what sites can set and read Cookies.
See Active Content Plugin

What the hells wrong with Outpost? It's supposed to block Cookies, but I checked out my stored Cookies and there are a gazillion of them.

The way Outpost filters Cookies is to block the return of the Cookies to a server. As there are many ways for a Cookie to be set, Outpost doesn't block the setting of Cookies (this is why you will find lots of Cookies on your computer even if you have Outpost set to Block all cookies). But there is only one way for a server to retrieve a Cookie (through your browser). Don't worry, Outpost will not let a server read a Cookie unless you allow it to.

Pros/Cons

Cookies are useful to consumers as they enable sites to recognise returning visitors so you don't have to login each time.
Cookies can also help consumers by personalising a site and making special offers available based on their past shopping behaviour.
Without them you wouldn't be able to buy online as they are used to keep track of what is in your shopping trolly.
Cookies maybe a privacy violation, especially when combined with Web Bugs.
Without Cookies it is impossible to provide a web service that has more then one from, as there is no way to store the information between sessions (Trese, G. W. & Stewart L. C. (1998). Designing systems for Internet commerce. USA: Addison Wesley).
They could be used by employers to proove misuse of a computer by an employee. In fact a newspaper in Tennesse, USA sued the local government to obation the governments staff cookies under the theroy that they are official government documents (ibid).

For more Information:

Google search for Cookie Exploits
The Cookies Page
Cookie Central
How Web Servers' Cookies Threaten Your Privacy
Internet Cookies
Cookie - Webopedia
SANS - Cookies and Exploits
Cookies - How to view, edit and delete

Glossary Top

This is an unofficial guide, the information expressed here may differ from Agnitum's. There is a support forum (no longer run by Agnitum, but by users) if you need more help this is a good place to start. Where information here conflicts with what Agnitum have told you always go with the information given to you by Agnitum.

The Web Hikers guide to Outpost Firewall