A cookie is simply a small (up to 20 times 4k per domain) bit of info which servers can store in a browser. Look on your hard drive for a cookies.txt.
"Wednesday, 09-Nov-99 00:00:00 GMT";
".engr.iupui.edu";
"/cgi-bin/";
Since HTTP is a stateless protocol, meaning each transaction is distinct and there is no memory from one to the next, tracking a browser through a site can be difficult at best. A user could visit a site, leave, and come back a day or a minute later, possibly from a different IP address. The site maintainer previously had no way of knowing if this was the same browser or not.
Imagine if Unix or DOS made you log in before every single command you type! This is basically what HTTP does. This makes it very difficult to create an interactive application. But now, there are cookies! ;)
Cookies can provide a way to maintain stateful connections between client and server.
A cookie is a small chunk of data, given to you by a server and stored on your hard drive. It can be used to track your path through a web site and develop a profile of you for advertisers. Cookies can of course also be used for good things, like shopping carts.
No, they can't fill up your hard drive. The cookie spec says that the client may only hold at most 300 cookies in its jar and that a server may only put 20 into it. A server can cheat on the 20 cookie limit by using a different domain for each set of 20. For example, set 20 with www.engr.iupui.edu, 20 more with .engr.iupui.edu, and 20 MORE with .iupui.edu. Once the jar fills up, the most senior ones are bumped out. Cookies can only be 4k apiece, so at most you may have 1.2 megs of your hard disk being used for a commercial site's cookie jar.
You can imagine huge corporations battling over your jar in a holy cookie war where Netscape.com tries to fill up your cookie jar and bump out all the Microsoft.com cookies you have and vice versa. But that would never happen. Would it? ;)
During a browsing session Netscape stores your cookies in memory. When you quit, they go into a file called cookies.txt on semi-normal systems; on a Macintosh the cookie jar is called MagicCookie and resides in the preferences folder.
Cookies are passed to you in a Set-Cookie: HTTP header with 5 possible fields separated with a semicolon and a space. The fields can be described as follows:
Wdy, DD-Mon-YYYY HH:MM:SS GMT
Your browser will send a cookie to a server with its request for a document when that document matches the path and domain attributes of the cookie.
For example, if you have a cookie with a path of "/stuff" and a domain of ".netscape.com", then any time you request a document from "netscape.com/stuff" your browser will send that cookie along with the request, and the server at netscape.com may extract it from the environment variable HTTP_COOKIE.
See cookie-test.pl for an example.
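The matching rule described above can be sketched as follows. This is an added example, not the page's cookie-test.pl: it assumes the original Netscape rules (tail match on the domain, plain prefix match on the path), ignores the expires field, and uses made-up cookie names and values. It shows why the scope chosen in domain and path decides which hosts and scripts get to read a cookie.

```python
# Added example: Netscape-style cookie scoping (not the page's cookie-test.pl).
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attrs) on ';' separators."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name, val, attrs

def domain_matches(host, cookie_domain):
    """Tail match: the request host must end with the cookie's domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if cookie_domain.startswith("."):
        # ".netscape.com" covers netscape.com and every host beneath it,
        # but not a look-alike such as "notnetscape.com".
        return host == cookie_domain[1:] or host.endswith(cookie_domain)
    # Simplification (assumption): no leading dot means an exact host match.
    return host == cookie_domain

def path_matches(request_path, cookie_path):
    """Plain prefix match, so "/stuff" also covers "/stuffing/x.html"."""
    return request_path.startswith(cookie_path)

def cookie_header_for(url, jar):
    """Build the Cookie: value sent with a request (HTTP_COOKIE under CGI)."""
    target = urlsplit(url)
    sent = []
    for name, val, attrs in jar:
        if (domain_matches(target.hostname, attrs["domain"])
                and path_matches(target.path or "/", attrs["path"])):
            sent.append(f"{name}={val}")
    return "; ".join(sent)

# Constructed sample jar; names and values are made up for illustration.
JAR = [
    parse_set_cookie("visit=1; path=/stuff; domain=.netscape.com"),
    parse_set_cookie("id=abc; path=/cgi-bin/; domain=.engr.iupui.edu"),
]

if __name__ == "__main__":
    for url in ("http://netscape.com/stuff",
                "http://home.netscape.com/stuffing/x.html",
                "http://www.iupui.edu/cgi-bin/x"):
        print(url, "->", repr(cookie_header_for(url, JAR)))
```

A server that wants a cookie readable by one script only should set the narrowest domain and path that still work, since every matching host and path receives the value.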
Here are a couple of tricks for keeping cookies out of your jar. Keep in mind that cookies are kept in memory (not on disk) during a session. They do not need to be written to disk to be useful to a server.
As of Netscape 3.0 you now have an option to be notified when a server gives you a cookie so you may reject it. The setting should be hiding under Options -> Network -> Protocols for some reason.
If you are highly enlightened and run Netscape on a UNIX platform then symlink .netscape/cookies.txt to /dev/null. Remember, you will still get cookies, but they will disappear when you restart your browser.
If you run an M$ OS type thing, attrib your cookies.txt file to read-only.
If you enjoy mittens and use a Mac, grab Cookie Monster and he'll eat your cookies for you, each time you start your Mac.