November 13, 2000

By Karen Kenworthy

IN THIS ISSUE

Who knew? Just last week we were talking about how computers deal with very long periods of time. Dates as far into the future as January 18th, 2038 at 19:14:07. Or even more remote times, such as the year 30,028.

It came as no surprise when we discovered that dates like these are associated with Web browser cookies, little nuggets of information stored on our computers by the Web sites we visit. After all, each cookie has an expiration date, a date after which it will be deleted. And some of those cookies have extremely long shelf lives.

But who knew distant dates like these might pass before the next U.S. President is chosen?

Oh well. I guess we'll know the results of the election some day. In the meantime, throw another ballot on the fire, fill your cup with hot chocolate (there's a bag of mini-marshmallows in the cabinet, beside the stove), and let's talk about something sensible, like computers ...

Too Much Time

Last week, even before the votes were cast, readers began to write me about a strange problem with Karen's Cookie Viewer. This little program reveals the contents of Web browser cookies, and had recently been updated to show each cookie's expiration date and lifetime (time remaining until the cookie expires).

It turned out that on some computers, the new Cookie Viewer abruptly failed immediately after loading. The only clue was an error message reading "Runtime Error 6: Overflow." But what was overflowing? And why?

Thanks to several helpful folks, including readers R. Douglas McLeod and Roger Chessher, I was able to track down the problem. Thanks to their reports it quickly became clear that the problem only affected some, but not all, people using Netscape's Navigator Web browser. In particular, only people with a special cookie, created by a Web server named kcookie.netscape.com, saw the overflow error.

What was so special about this cookie? A quick look at its expiration date reveals the problem. You might recall that Netscape stores cookie expiration dates in a 32-bit binary number. Various bits of this number are set aside to store the expiration year, month, day, hour, minute, and second.

Because of this scheme, not all possible 32-bit values represent valid dates. For example, four bits are set aside to store the date's month. But this provides for 16 different months, while in fact there are only 12 different months in the calendar.

The expiration date found in the cookie created by kcookie.netscape.com is 4294967295. Convert this number to binary, and you'll see this is the largest possible unsigned 32-bit number. In other words, it's a 32-bit number with all bits all "on" or 1.

Rather than representing a cookie expiration date, this special value identifies "immortal" cookies, those that never expire. So far, the only one I've found is the cookie created by kcookie.netscape.com, but there may be others.

Thanks to everyone's help, the newest Cookie Viewer, version 3.2.2, now understands these special cookies. Since immortal cookies don't expire, the new Cookie Viewer displays "Never" for their expiration date. For the cookie's lifetime, the new viewer displays "Infinite."

Too Much Time Two

Speaking of time, you might remember our recent discussion of dates found within cookies created by Microsoft's Internet Explorer (MSIE) Web browser. Here, dates are stored as a 64-bit binary numbers, counting the 100-nanosecond intervals that have passed since midnight, the morning of January 1st, 1601. This method allows MSIE to record any date and time that occurs during the next 28,000 years -- until sometime in the year 30,028, to be exact.

But as we discovered, the standard that describes how Web servers and Web browsers should behave (a document known as RFC-1123, section 5.2.14) states that dates may have at most four-digit years. As a result, no cookie expiration date may exceed December 31st, 9999.

Unfortunately, not all Web servers and applications play by the rules. Shortly after Cookie Viewer 3.0 was released, several readers reported that some Web sites were ordering MSIE to create cookies that violated RFC-1123. MSIE dutifully obeyed, creating technically invalid cookies that caused the Cookie Viewer to choke.

Fortunately, the latest Cookie Viewer can also handle these long-lived cookies. It can't compute their lifetimes with the same precision as cookies that expire before the year 9999. For these more durable cookies, the viewer only displays their lifetime in days, instead of usual days, hours, minutes, and seconds. But hopefully, knowing a cookie will expire in, say, 7,000,000 days will give you enough warning. :)

If you'd like to try the new Cookie Viewer, download the latest version at https://www.karenware.com/powertools/ptcookie. And don't be surprised if you discover a few other improvements I've made during the last few days. If you want to see how the viewer works, be sure to download the program's Visual Basic source code too. As always, the program and its source code are both free.

Until we meet again, if there's an election (or re-vote) near you, don't forget to vote early, and vote often. Remember, everyone's vote counts, at least once. And if you see me on my way to, or from, the voting booth, be sure to wave and say "Hi!"

And if you see George W. Bush or Al Gore, say "Hi!" to them too. And tell them to hurry up and get this election over. :)

TTYL,