October 30, 2000

By Karen Kenworthy

IN THIS ISSUE

Here in the United States, we have two big days on the horizon. Tomorrow is Halloween, a day when little kids dress up in scary costumes and roam the neighborhood seeking candy and other treats.

One week later comes the U.S. Presidential Election. It's a day when grown men cease their roaming the country, seeking votes and other treats. No scary costumes for this event. But it's perhaps even more frightening. :)

Cookie Viewer

When not getting ready for the upcoming holidays, I've been spending a lot of time working on Karen's Cookie Viewer lately. Long-time readers will recall this little program. It shows the contents of the Web-browser "cookies" found on your computer's hard disk.

Cookies are little files, containing nuggets of information a Web site wants to remember from one of your visits to the next. Some people feel these files are a threat to our privacy while browsing the Web. Others feel they are a reasonable way to implement such important Web services as online shopping. A few people feel both concerns are valid.

But we all agree on one thing: We have a right to know what information is stored on our own hard drives. And that's where the Cookie Viewer comes to our aid.

Previous versions of the Cookie Viewer revealed four pieces of information found within each cookie. One is the name of the Web site that created the cookie. As a security measure, only that site may retrieve the information at a later time. Two other chunks of cookie information are known as the "Data Name" and "Data Value." The first is a name, assigned by the Web site, to the data the cookie contains. The second is simply the data the cookie holds.

The fourth bit of data older Cookie Viewers revealed was just that -- a bit. If the value of this bit is 1, the cookie's data may only be transmitted over encrypted Web connections. If the value of this bit is 0 the cookie's data may be transmitted over any Web connection, whether encrypted or not.

It's About Time

But look inside a Web cookie, and you'll find more even more information. Cookies created by Microsoft's Internet Explorer (MSIE) Web browser, for example, contain four large numbers. I've always suspected these numbers represented dates and times, perhaps when the cookie was created, and when its contents were set to expire. But if so, I wasn't able to prove it. I couldn't break those number's code.

Until now. It turns out each of the four large mystery numbers is the decimal equivalent of a 32-bit binary integer. Convert the first pair back to their original binary form, place them side-by-side, and you have a single 64-bit number. This number represents the time the cookie will expire. Repeat the process using the next two mystery numbers, and you'll know when the cookie was created.

You'll know, that is, once you learn how those 64-bit numbers represent a date and time. After scratching my head for quite some time, and picking the resulting splinters out of my fingertips, I finally discovered the secret of those 64-bit numbers. Each is a count of the number of 100-nanosecond intervals (a tenth of a millionth of a second) that have passed since January 1st, 1601. <sound of me slapping my head>.

I know, a lot of you are asking "Karen, what took you so long? Isn't it obvious how those numbers are used?" And of course you're right. Now. But there are a lot of ways to store dates and times within a computer. It took me a while to eliminate the alternatives.

Cookie Viewer 3.0

But finally you can enjoy the fruits of my labor. The newest version of the Cookie Viewer, version 3.0, displays the creation, and expiration, date and time of each MSIE cookie. The program also displays the cookie's "lifetime": The number of days, hours, minutes, and seconds between its birth, and eventual expiration.

Unlike the cookies we buy at the store, there are no stale Web cookies. Once a cookie reaches its expiration date it is automatically deleted by your Web browser. But some Web cookies are remarkably long-lived. A quick look at the cookies on my computer shows cookies with lifetimes as long as 13,500 days. Created earlier this month, these cookies will expire sometime in the year 2037.

Other cookies have very short shelf lives. In theory it's possible for a Web site to create a cookie that expires as little as one second after it's created. In practice, cookies are usually set to expire after a few hours or days. Common cookie lifetimes I've seen are four hours, one day, and one week.

The Future Of Time

The wide range of cookie lifetimes may have you wondering how long a cookie can last. The answer is more complicated than it might at first seem. According to an Internet standard known as RFC-1123, section 5.2.14, dates sent by a Web server to a web browser should contain a four-digit year. As a result, the latest possible cookie expiration date must be December 31st, 9999 at 12:59:59 pm.

But not all software can understand dates that far into the future. Most programs written in the C and C++ programming languages (which includes most Windows applications, most Web browsers, and Windows itself) become confused on January 18th, 2038 at 19:14:07 UCT (Universal Coordinated Time, a.k.a Greenwich Mean Time).

To understand that time barrier, you must understand how C and C++ programs measure and store dates and times. Traditional, when you ask one of these programs the time, their reply is a large number -- the number seconds that have elapsed since the beginning of the "epoch." That is, since the beginning of the day January 1st, 1970.

The year 1970 may seem too recent to be considered the beginning of an epoch. But a lot of important computer-related events happened around that time. In particular, a new operating system named Unix debuted then. So did a new programming language called C. To the creators of both Unix and C, there seemed no point in being able to store dates and times before 1970.

Besides, by counting the number of seconds that have passed since 1970, and storing that count in a 32-bit signed integer, we'll never run out of time. Why, a time-keeping system like that wouldn't overflow its allotted 31-bits (one of the 32-bits was set aside to indicate whether the time value was positive or negative) until way, way, way in the future. January 18th, 2038 at 19:14:07 UCT to be exact.

Oops! If you're like me, the year 2038 doesn't seem that far way any more. That's why most programs, like Windows, are gradually moving to 64-bit signed integers to store time values. Even when the passage of time is counted in tiny 100-nanosecond intervals, those roomier integers won't overflow until sometime during the year 30,028!

If you'd like to try out the new Cookie Viewer, you can download a copy at https://www.karenware.com/powertools/ptcookie. And if you're curious how the new version handles these new time formats, download the programs Visual Basic source code too. As always, both are free.

In the meantime, I'll get back to work on an even newer Cookie Viewer. Coming attractions include the ability to decode expiration dates found in Netscape cookies (yes, they're stored in a different format), better cookie-hunting techniques and more!

'Till next week, if you come by the secluded Power Tools workshop on All Hallows' Eve, I'll treat you to a nice candy bar. Any other time, you're welcome to a cup of tea, and some homemade bread. And don't forget, if you see me on the 'net this week, be sure to wave and say "Hi!"

TTYL,