Log in ....Tribune

Monday, November 4, 2002
Feature

Net’s black box
Deepak Kaushik

HAVE you ever wondered when you login and enter a Website, how does the server remember name and other information? Actually, server keeps track of each and every user visiting the site. How is this possible when thousands of visitors are visiting the site simultaneously and how safe is it?

Since HTTP is a stateless protocol, it cannot be used to retain the state of the user and identify a user over multiple Web pages. Session, which uses cookies, was introduced to fix this problem. As soon as a visitor enters the site, the server creates a session for that, particular visitor, and this session lasts as long as the visitor is on site. So at a time there are as many sessions as the number of visitors on the site. The server keeps all these sessions in a separate memory area so that no other user can access information about others.

Cookies are temporary memory area or files on the client’s computer that holds the information regarding the user. These files can be permanent sometimes. The server can store information regarding the stages of the user by creating different cookie variables on the client computer. Others cannot use this information because cookies are stored on the client’s computer and not on server. This can be easily retrieved for further use anytime. When the user quits, the session ends and all this temporary information is erased from the client’s computer. Cookies can also be used to store information regarding visitors’ habit and favourites, which can be used to customise the site according to the user preferences each time she visits the site. This way the cookies help in making the site more dynamic and customised. It’s a wonderful tool. There are two other methods like query string and hidden forms to do the same thing but each has its own limitations.

Some consider cookies an invasion of their privacy. Even worse, if this information falls into wrong hands, the individual could become the target of multiple bulk-mail advertising campaigns. Not all browsers, however, support cookies.

Recent versions of both Internet explorer and Netscape navigator have additional options that allow greater control over cookies. You can either configure browser to warn before accepting a cookie or disable them entirely. One simple way to disable cookies on a browser is by making the cookies files read-only.

At the end, we can say cookies are the easiest way for keeping track of a user over multiple pages. But they should be used carefully.