Cookies are a mechanism used by web sites to store and retrieve information using your browser. For example, a web site may allow you to customize the content and layout of the pages you see, so that your choices are persistent across different visits to that web site.
The web site is able to remember your preferences by storing a cookie on your computer. Then, on future visits, the web site retrieves the information stored in the cookie to format the content of the site according to your previously specified preferences.
Thus, cookies play a very useful role in web browsing. Unfortunately, web sites often store and retrieve information in cookies without your explicit knowledge or consent. Some of this information may be quite useful to the web site owners, for example, by allowing them to collect summary statistics on the number of visits different areas of the web sites get, or to customize banner advertising.
Note that the policies that you set using this control module will not apply to other web browsers such as Netscape®.
The top of the policy tab has a check box labeled Enable cookies. If you leave this unchecked, cookies will be completely disabled. However, this may make browsing rather inconvenient, especially as some web sites require the use of browsers with cookies enabled.
You will probably want to enable cookies and then set specific policies on how you want them to be handled.
The first group of options create settings that apply to all cookies.
- Only accept cookies from originating server
Some pages try to set cookies from servers other than the one you are seeing the HTML page from. For example, they show you advertisements, and the advertisements are from another computer, often one that belongs to a large advertising group. These advertisements may try to set a cookie which would allow them to track the pages you view across multiple web sites.
Enabling this option will mean only cookies that come from the same web server as you are explicitly connecting to will be accepted.
- Automatically accept session cookies
An increasingly common use for cookies is not to track your movements across many visits to a web site, but to just follow what you do during one single visit. Session cookies are saved as long as you are looking at the site, and deleted when you leave it.
Web sites can use this information for various things, most commonly it is a convenience so that you do not have to keep logging in to view pages. For example, on a webmail site, without some kind of session ID, you would have to give your password again for each email you want to read. There are other ways to achieve this, but cookies are simple and very common.
Enabling this option means that session cookies are always accepted, even if you don't accept any other kind, and even if you choose to reject cookies from a particular site, session cookies from that site will be accepted.
The section for Default Policy sets some further options that are mutually exclusive — you can choose only one of these options as the default, but you are free to set a different option for any specific web server.
Site specific policies always take precedence over the default policy.
- Accept all cookies
If this option is selected, all cookies will be accepted without asking for confirmation.
- Accept until end of session
Cookies will be accepted, but they will expire at the end of the session.
- Ask for confirmation
If this option is selected, you will be asked for confirmation every time a cookie is stored or retrieved. You can selectively accept or reject each cookie. The confirmation dialog will also allow you to set a domain specific policy, if you do not want to confirm each cookie for that domain.
- Reject all cookies
If this option is selected, all cookies will be rejected without asking for confirmation.
In addition to the default policy for handling of cookies, which you can set by selecting one of the three options described above, you can also set policies for specific host domains using the controls in the Site Policy group.
The Ask, Accept, Accept until end of session, or Reject policy can be applied to a specific domain by clicking on the button, which brings up a dialog. In this dialog, you can type the name of the domain (with a leading dot), then select the policy you want to apply to this domain. Note that entries may also get added while you are browsing, if the default policy is to ask for confirmation, and you choose a general policy for a specific host (for example, by selecting Reject when asked to confirm a cookie).
You can also select a specific host domain from the list and click the button to choose a different policy for that domain than the one shown in the list.
To delete a domain specific policy, choose a domain from the list, and then click the button. The default policy will apply to domains which have been deleted from the list.
In the Management tab you can browse and selectively delete cookies that have been set in the past.
In the upper part of this dialog, you can see a list of domains displayed as a tree. Click on the little > next to a domain to see all cookies that have been set for this particular target domain. If you select one of these cookies, you will notice that its contents will show up in the frame Details below.
By clicking the button you can now delete the selected cookie. Click to delete all cookies stored.
If a domain is selected, you can use to set a site policy.
Choose to reload the list from your hard disk. You might want to do this if you have had the module open and are testing web sites, or have made many changes in the module itself.