O'Reilly logo

Firefox Hacks by Nigel McFarlane

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hack #52. Stomp on Cookies

Track, trap, configure, kill, create, and otherwise diddle with HTTP cookies.

HTTP is a stateless protocol, meaning that each web request made by the browser is independent of all other requests. This greatly preserves the user's privacy. Cookies are an enhancement to the HTTP standard that introduces tracking information that web browsers and servers can share. That tracking information consists of (usually) a single HTTP header line that goes back and forth between the User Agent (browser) and the server. They include a small amount of access-control information based on URLs and expiry dates. This hack explains how to manipulate cookies from the browser side, once they're generated.

Cookies are based on a vendor specification written by Netscape Corporation (you can view that specification at http://wp.netscape.com/newsref/std/cookie_spec.html). Since then, cookies have been more formally defined in RFC 2109. The name cookie derives from the intended use of the header data: the supply of an opaque token useful only for session identification (from magic cookie).

Particularly in Netscape 4.x and earlier, the number of cookies that browsers would maintain per site was limited to 20. That limit no longer applies, even though one cookie per site is usually enough.

Cookies offer no security at all. Never put any user details in a cookie; never expose any server information in a cookie; never use cookies to preserve important data across HTTP requests. Quality ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required