Cookies and web effectiveness
How you manage cookies can affect your site's effectiveness. Rather than a tasty treat stored in a jar on the kitchen counter, cookies on the Internet refer to bits of information written, by the visited site with the help of the browser, to a file on the user’s computer. These bits of information allow the site to manage user preferences, keep track of items placed in a shopping cart, or perform other activities that often relate to maintaining state across more than one Web page. State is a record of current choices, settings, or other information that traditionally cannot be passed from one Web page to another.
The Web is inherently stateless because the connection between Web browser and Web server is severed after each page is delivered. When the visitor clicks a link to move on to another page or to perform an action such as placing a product in a shopping cart, the Web server has no inherent knowledge of who that user is. Cookies allow the server to keep track of who’s who, even if only labeled with a number, and to manage the broader user interaction across the site.
Cookie Security
Much concern has been expressed over the years about cookies, mostly because sites are writing data directly to the user’s hard disk, leading to the question of what other portions of the system a Web server may access. There have also been concerns about whether Web servers can review and retrieve information left in the cookies.txt file by other Web servers.
First we should know how data is written to the cookies file. Servers don’t actually have access to your system. They only pass the information to the browser, which then writes it to the cookie file. Although more than one file may be associated with cookies, they are all text files. Text files are harmless to computers; they cannot contain viruses. The only information servers can pass to the browser for recording is either supplied by the server (such as the expiration date of the cookie) or by the user (such as the zip code in the previous example). In most cases, if the user supplies any information, it is the value of the variables. The cookie cannot contain any personal information unless the user directly supplies it.
Second, it’s important to examine the sending of data from the hard disk back to a Web server. The browser will only send data stored in the cookies file back to the server. It does not scour your system looking for configuration information or other personal data. Additionally, when the browser receives a request from the server for cookie information, it must compare the domain that request originated from with the domain already written in the cookie file. If they do not match, the data will not be sent.
Writing Cookies
Writing cookies requires deep knowledge of programming, but let’s try to take a look at it. Various programming languages can be used, from relatively simple scripting languages like JavaScript to the more complex Perl scripts and CGI scripts written in C or by middleware products that interact between the server and the Web browser.
The most common way scripts and programs add a cookie is to insert a Set-Cookie header, which means that the server sends additional information to the client when the client makes a GET request. A generic Set-Cookie header would look like this:
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH;
domain=DOMAIN_NAME; secure
The programming part comes in when this information is sent to the client, because it is not sent manually. Usually, a program is written (like a CGI script) that automatically gathers the information and sends it. For example:
Set-Cookie: NAME=user; expires=Friday, 30-Jan-01 12:00:00 GMT;
path=/; domain=webgeek.com; secure
A separate program is used to handle the cookie when the user returns to the site. When a user with the same browser (using the same profile) comes to the WebGeek site, the browser checks the URL that the user has chosen and tries to match it to the different URLs in the cookies file. If the user has come to the site before and a cookie was set, then the browser will locate that cookie and send it to the server so that the server will have the cookie information readily available. How the server uses the cookie information depends on the contents of the cookie. One of the most common ways is an auto-logon feature that allows the Web site to remember the visitor.
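The matching the browser performs on a return visit (the domain comparison from the Cookie Security section, plus the path and secure attributes of the header above) can be sketched as follows. This is an added example, not code from the original article; the function names and the test hostnames are constructed for illustration, expiry is not checked, and the sketch assumes the cookie carries an explicit domain attribute.

```python
from urllib.parse import urlsplit

# Constructed sample: the article's example header joined onto one line.
SAMPLE = ("Set-Cookie: NAME=user; expires=Friday, 30-Jan-01 12:00:00 GMT; "
          "path=/; domain=webgeek.com; secure")

def parse_set_cookie(header):
    """Return (name, value, attrs) from one Set-Cookie header line."""
    _, _, body = header.partition(":")
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags like "secure" map to ""
    return name.strip(), value.strip(), attrs

def domain_matches(host, cookie_domain):
    """Exact host, or a subdomain split at a dot boundary (never a bare suffix)."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if not cookie_domain:
        return False  # assumption: this sketch requires an explicit domain attribute
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(request_path, cookie_path):
    """Cookie path must be a whole-segment prefix of the request path."""
    request_path = request_path or "/"
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def should_send(header, url):
    """Decide whether a browser would return this cookie with a request to url."""
    _, _, attrs = parse_set_cookie(header)
    target = urlsplit(url)
    if "secure" in attrs and target.scheme != "https":
        return False  # secure cookies never travel over plain HTTP
    if not domain_matches(target.hostname or "", attrs.get("domain", "")):
        return False
    return path_matches(target.path, attrs.get("path") or "/")

if __name__ == "__main__":
    # Constructed request URLs: a subdomain, plain HTTP, and two look-alike hosts.
    for url in ("https://www.webgeek.com/cart", "http://webgeek.com/",
                "https://notwebgeek.com/", "https://webgeek.com.example.net/"):
        print(url, "->", should_send(SAMPLE, url))
```

The two look-alike hosts show why the comparison must respect the dot boundary: a plain "ends with webgeek.com" string test would hand the cookie to notwebgeek.com.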
