January 18, 2000

By Karen Kenworthy

IN THIS ISSUE

Whew! What a day. Up and down, back and forth. I'm building a new computer for a friend of mine, and parts have been arriving all day. One delivery man has come twice, and three others have visited once each. I think I have everything now, but it'll be a while before I get all these packages opened and inventoried. Glad I didn't have to drive all over town though. The Internet does have its uses ...

Cookie Viewer

All this online shopping has me thinking about Web browser cookies. You've probably heard about them. These little disk files make online commerce, and lots of other usual Web features, possible. No doubt about it. These little data morsels are good for us.

Or are they? As with other important issues of our times, experts disagree. Some believe cookies allow Web sites to discover personal information about us, even track our Web travels. If they're right, cookies are poison, compromising our privacy and threatening the growth of the Web.

Well, you know me. I couldn't stay out of a debate like that. So a couple of years ago I wrote the first Winmag.com Cookie Viewer. Now we could see for ourselves what cookies are made of. And decide for ourselves is they are dangerous.

Cookie Viewer told us all Web browser cookies have four ingredients. One is a security flag. If set, the information in the cookie will only be transmitted via encrypted Web connections. Another ingredient is the name of the Web site that created the cookie. The information stored in a cookie can only be transmitted to the site that created it.

The remaining ingredients are known as the data name and value pair. The "data value" is the actual data stored in the cookie. It might be an account number, a name, or any other information a Web site deems memorable. The "data name" is simply a name given to this nugget of information, to distinguish it from other information the Web site wishes to store. Data names run the gamut, from "SiteOwnerSessionId" and "username" to less obvious names like "AA002" and "GUID." Most cookies have a single data name and value pair, but a jumbo cookie can have as many as four.

Cookie Jars

The Cookie Viewer displays all of the ingredients for each cookie in our computer. But where are these cookies stored? There are some "standard" cookie locations, used by the popular browsers such as Microsoft Internet Explorer and Netscape Navigator. But the exact location varies, depending on your browser's make and model. It also depends on the identity of the currently logged-in user, since most browsers maintain separate cookie jars for each of a computer's users.

So they don't forget, most browsers record the location of their cookie jar in the Windows Registry. Cookie Viewer knows all about this habit, and searches the Registry for likely hiding places. When it starts, the viewer displays all the standard locations it has found. You can then select a location, and the viewer will display all the cookies it finds there.

But, as the saying goes, cookies are where you find them. Old cookies might be left behind by a browser no longer installed on your computer. Other cookies might belong to another user of your computer. They might even be stored on another computer, if a network drive is mapped to a local drive letter.

The original viewer couldn't find these lost or misplaced cookies. But you can ask the new version to search your computer for likely cookie storage locations. These jars will then be added to the list of standard locations, allowing you to examine these cookies too.

Cookie searching was one of the most often requested enhancements to the original cookie viewer. So you may be wondering what took me so long. Whey did I take two years to add this feature? The short answer is: Not all cookies are edible. Put another way, not everything that looks like a cookie is a cookie. And it's hard to tell for sure if a file contains cookies.

To identify likely candidates outside the standard cookie locations, the new Cookie Viewer uses two criteria. First, it looks for files with a .txt extension stored in directories name COOKIES (or a subdirectory of that directory). These are likely to be cookie files created by some version of Microsoft Internet Explorer. Next, it looks for files stored anywhere, named COOKIES.TXT. With luck, these will be cookie files created by Netscape's Navigator.

But if the new Cookie Viewer guesses wrong, the results could be a case of indigestion. If you feed a non-cookie to the viewer, it may crash or display meaningless information. It won't harm your computer. But the result might be ugly. :)

Eating Cookies

Once people could see their cookies, they wanted to eat them. Well, not exactly. They wanted to remove them from their computer. The original Cookie Viewer didn't help here. It could only display a cookie's information. But the new version can delete cookies created by Internet Explorer. Just select the cookie, to view it. Then click the viewer's new Delete button.

Deleting Netscape Navigator cookies is a bit trickier. Unlike Microsoft, Netscape stores cookies in a single, large file. So deleting an individual cookie involves editing the file, shifting the remaining information. The new version of the Cookie Viewer can't do this job yet. But I'm working on it and hope to add this feature soon. When I do, you'll be the first to know ...

What else does the future hold? That's largely up to you. Download your free copy of Karen's Cookie Viewer 2.0 from https://www.karenware.com/powertools/ptcookie. Try it, then let me know what you think. I'm always looking for a better recipe. And you just might be the one to provide it.

In the meantime, I'll be shopping on the net. If you see me there, be sure to wave and say Hi! And if you want, you can buy me a cookie.