Cookies: The Good, the Bad, and the Sneaky
Cookies were originally designed to solve a practical problem that arises from the design of the World Wide Web. When you browse a Web site, your computer doesn't really stay connected to the site for the entire time you're there. Instead, your PC makes a request, receives an answer (usually in the form of a Web page), and disconnects right away. If, after reading the page, you decide to click on a link or a button, your computer makes a new connection to carry out your request. Because the connection doesn't stay open, the Web server doesn't need to devote resources to keeping it alive while you, the slow human, decide what to do next.
The downside of this method is that carrying on an ongoing conversation becomes tricky. Let's suppose you're making an online shopping trip in which you place half a dozen items in your cart and then check out. Each time you click, the Web server needs to remember who you are and what you've selected so far.
Because the server would need massive amounts of storage to keep this information around for tens of thousands of shoppers (an estimated 75 percent of whom will leave their carts in the virtual aisles and never check out), it's best to have the client, rather than the server, store information about the state of the transaction. So the server may place a cookie (a bit of text identifying you and describing the transaction) on your machine.
The cookie also contains bookkeeping information, such as the domain from which it was sent and an expiration date. There are two kinds of cookies: session cookies, which vanish each time you shut down your browser, and persistent cookies, which can stay around for months or years. An e-commerce site might use both kinds; for instance, it might use a session cookie to remember information about a particular shopping trip, and a persistent cookie to recognise you when you come back another day.
Each time you move to a new stage of your online transaction, the merchant's server asks your computer to send back the cookie that's been stored on your machine. This reminds the server of who you are and what you were doing, and the conversation continues where it left off.
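The exchange described above, as an added Python example that is not part of the original article: a toy browser-side cookie store that records a session cookie and a persistent cookie, then builds the header sent back on the next request. The `CookieJar` class, the host `shop.example`, and the cookie names and values are constructed for illustration; domain matching is simplified, and Path and other attributes are ignored.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


class CookieJar:
    """Toy browser-side store keyed by (domain, cookie name)."""

    def __init__(self):
        self.cookies = {}

    def store(self, request_host, set_cookie_header):
        """Record the cookies from one Set-Cookie response header."""
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            # No Domain attribute: the cookie belongs to the host that sent it.
            domain = (morsel["domain"] or request_host).lstrip(".").lower()
            # No Expires attribute: this is a session cookie.
            expires = morsel["expires"]
            expiry = parsedate_to_datetime(expires) if expires else None
            self.cookies[(domain, name)] = (morsel.value, expiry)

    def kind(self, domain, name):
        return "persistent" if self.cookies[(domain, name)][1] else "session"

    def close_browser(self):
        """Session cookies vanish; persistent ones stay on disk."""
        self.cookies = {k: v for k, v in self.cookies.items() if v[1]}

    def cookie_header(self, request_host, now):
        """Build the Cookie header sent back with the next request."""
        pairs = []
        for (domain, name), (value, expiry) in sorted(self.cookies.items()):
            if expiry and expiry <= now:
                continue  # an expired persistent cookie is no longer sent
            if request_host == domain or request_host.endswith("." + domain):
                pairs.append(f"{name}={value}")
        return "; ".join(pairs)


def build_demo_jar():
    """Constructed responses from a hypothetical shop.example server."""
    jar = CookieJar()
    jar.store("shop.example", "cart=item42; Path=/")
    jar.store("shop.example",
              "visitor=7f3a; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/")
    return jar


if __name__ == "__main__":
    print(build_demo_jar().cookie_header("shop.example", datetime.now(timezone.utc)))
```

After `close_browser()` only the `visitor` cookie is still returned to the shop, which is how the site recognises a returning visitor on another day.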
Cookies are handy for many legitimate purposes: for example, to allow a Web site to recognise you as an authorised user without requiring you to log on every time you access the site. But they can also be used for nefarious purposes.














Excellent article.
One additional point:
One way to prevent the reading of email in Outlook and Outlook Express from triggering the HTML bugs, etc. is to
1) download your email
2) disable your internet connection
3) read all your email
4) enable your internet connection