Platinum Edition Using HTML 4, XML, and Java 1.2
(Publisher: Macmillan Computer Publishing)
Author(s): Eric Ladd
ISBN: 078971759x
Publication Date: 11/01/98

Disadvantages of Cookies

Some problems, both real and imagined, also occur with the use of cookies. Because many browsers store their cookie information in an unencrypted text file, you should never store sensitive information, such as a password, in a cookie. Anyone with access to the user’s computer could read it.

Newer Web browsers, such as the latest versions of Netscape Navigator and Microsoft Internet Explorer, have a feature that alerts the user every time an attempt is made to set a cookie. These browsers can even be configured to prevent cookies from being set at all. This sometimes results in confusion on the user’s part when a dialog box informs her that something strange involving a cookie is happening to her computer. If cookies are disabled, your carefully designed Web application might not run at all.

Cookie Myths

The biggest problem facing cookies could be a psychological one. Some savvy Web users believe that all cookies are a tool used by “Big Brother” to violate their privacy. Considering that cookies are capable of storing information about where users have visited on a Web site, how many times they have been there, what advertising banners they have viewed, and what they have selected and placed on forms, some people think that their privacy is being invaded whenever a cookie gets set on their computer.

In reality, cookies are seldom used for these purposes. Although technically these things are possible, better and easier ways of getting the same type of information now exist without using cookies.

Other users complain about Web sites being able to write information to their computers and taking up space on their hard drives. This is somewhat true. Web browser software limits the total size of the cookies stored, as well as the amount of space that can go to the cookies of a particular Web site. Consider, however, that this number probably is small when compared to the size of the pages and graphic images that Web browsers routinely store in their page caches.

Other users are concerned that cookies set by one Web site might be read by other sites. This is completely untrue. Your Web browser software prevents this from happening by making cookies available only to the sites that created them.

If your users understand the usefulness of cookies, this “cookie backlash” shouldn’t be a problem.

	ON THE WEB
	Netscape came up with the original cookie specification. You can find more information on the Netscape Web site at http://www.netscape.com/newsref/std/cookie_spec.html.

Using Cookies

By now you have considered the pros and cons of cookies and have decided that they are just what you need to make your JavaScript application a success.

This section discusses a number of handy functions for reading and setting cookies, which will help you make your Web sites smarter and more user friendly. Also included in this section are Internet references for finding additional information concerning cookies.

Retrieving Cookie Values

Cookie names and values are stored and set using the cookie property of the document object. To store the raw cookie string in a variable, you would use a JavaScript command such as the following:

var myCookie = document.cookie;

To display it on a Web page, use the following command:

document.write (“Raw Cookies: ” + document.cookie + “<BR>”);

JavaScript stores cookies in the following format:

name1=value1; name2=value2; name3=value3

Individual name=value pairs are separated by a semicolon and a blank space. No semicolon is used after the final value. To retrieve a particular cookie, you can use a JavaScript routine such as the one shown in Listing 22.1.

Listing 22.1 FavList.htm (excerpt)—JavaScript Function for Retrieving a Specific Cookie

// GetCookie - Returns the value of the specified cookie or null
//             if the cookie doesn’t exist
//
function GetCookie(name) {
   var result = null;
   var myCookie = “ ” + document.cookie + “;”;
   var searchName = “ ” + name + “=”;
   var startOfCookie = myCookie.indexOf(searchName)
   var endOfCookie;
   if (startOfCookie != -1) {
      startOfCookie += searchName.length; // skip past cookie name
      endOfCookie = myCookie.indexOf(“;”,startOfCookie);
      result =
         unescape(myCookie.substring(startOfCookie,endOfCookie));
   }
   return result;
}

---

NOTE:  Most of the listings that will appear in this chapter are excerpts from the FavList.htm document that is discussed in the “A Cookie Example” section, later in this chapter.

---

In Listing 22.1, the myCookie string helps avoid annoying boundary conditions by making sure all cookie string names start with a space and end with a semicolon. From there, it is easy to find the start of the name= portion of the string, skip it, and retrieve everything from that point until the next semicolon.

Setting Cookie Values

The name=value combination is the minimum amount of information you need to set up a cookie. However, there may be more to cookies than just this. The complete list of parameters, which should be separated by a space and semicolon, that can be used to specify a cookie is as follows:

•  name=value

•  expires=date

•  path=path

•  domain=domainname

•  secure

Cookie Names and Values The name and value can be anything you choose. In some cases, you might want it to be very explanatory, such as FavoriteColor=Blue. In other cases, it could just be code that the JavaScript program interprets, such as CurStat=1:2:1:0:0:1:0:3:1:1. In any case, the name and value are completely up to you.

In its simplest form, a routine to add a single name=value pair to a cookie looks like that shown in Listing 22.2.