HTML and CSS Reference
cookie file on the client. We will be talking about persistent cookies in this chapter. The
HTTP server sends the cookie to the browser when the browser connects for the first
time and from then on, the browser returns a copy of the cookie to the server each time
it connects. The information is passed back and forth between the server and browser
via HTTP headers. Figure 16.1 demonstrates how the Firefox add-on, called Live HTTP
Headers, displays the back-and-forth transaction between a browser and server with
cookies (server site is Amazon.com).
Figure 16.1 Watching cookies with Firefox Live HTTP Headers add-on.
Cookies can make a Web page personal and friendly, and store important information
about the user's language, reading, or music preferences, and how many times he or she has
visited your site; track items in a shopping cart; and more. However, some companies use
cookies to track you across various Web sites, even if you aren't aware of the company or
didn't give them permission to do so. Modern browsers take care of this by giving you control
over what sites are allowed or not allowed to set cookies. Cookies can also be annoying,
and some question the security of putting unknown data on their hard drive.² Love 'em or
hate 'em, they're an intrinsic part of the Web. But you do have a say about whether or not to
2. When a cookie is set as HttpOnly in the Set-Cookie HTTP response header, the Web browser
withholds it from client-side script, which helps mitigate the effects of cross-site scripting
attacks. Both Firefox and Internet Explorer support this feature.
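
The header exchange described above and the effect of HttpOnly from footnote 2, as an added example that is not code from the book: it parses Set-Cookie response headers, builds the Cookie header the browser sends back, and shows which cookies page script could read. The function names and the sample header values are constructed for illustration, and the cookie jar ignores domain, path and expiry matching.

```javascript
// Added example: simplified model of the cookie header exchange.
// Parse one Set-Cookie header value into name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: skip the header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Simplified cookie jar (assumption: no domain, path or expiry matching).
function buildJar(setCookieHeaders) {
  return setCookieHeaders.map(parseSetCookie).filter(Boolean);
}

const pairs = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join("; ");

// Cookie request header the browser returns on each later connection.
function cookieRequestHeader(jar) { return pairs(jar); }

// What page script gets from document.cookie: HttpOnly cookies are withheld.
function scriptVisible(jar) { return pairs(jar.filter((c) => !c.attrs.httponly)); }

// Persistent cookies carry Expires or Max-Age; the rest end with the session.
function persistentNames(jar) {
  return jar.filter((c) => "expires" in c.attrs || "max-age" in c.attrs).map((c) => c.name);
}

// Constructed response headers (not captured from a real site).
const sampleHeaders = [
  "session-id=abc123; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; HttpOnly",
  "lang=en_US; Path=/; Max-Age=31536000",
  "cart=3; Path=/",
];

const jar = buildJar(sampleHeaders);
console.log("Cookie:", cookieRequestHeader(jar));
console.log("document.cookie:", scriptVisible(jar));
console.log("persistent:", persistentNames(jar).join(", "));
```

The session identifier goes back to the server in the Cookie header but is absent from the script-visible string, which is the property that limits what an injected script can read.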