An Analysis of the Prevalence of Cookies on the World Wide Web

The communications protocol that runs the World Wide Web is the Hypertext Transfer Protocol, or HTTP [1]. A key feature of HTTP is that it is stateless: a web server can treat each request independently, without saving any information from the previous request. This simplicity comes at a cost. Capabilities that require a server to recognise a returning user, such as personalisation, e-commerce and web-based e-mail, were difficult, if not impossible, to provide. To support these services, Netscape devised a scheme [2] by which a web server could store a small amount of persistent information on a user's system that the browser would later send back to the same web site. These packets of information were called "cookies". Information such as account numbers, passwords, or shopping cart status could be stored in a cookie and uploaded back to the web server the next time the user visited that web site. Since potentially sensitive information might reside in a cookie, web browser software was extended to give the user some control over these cookies. In the paper A Design of a Portable System for the Secure, Fine-grained Access Control of Hypertext Transmission Protocol Cookies [3], Hailpern showed that all of the web browser and cookie management software that has become available since then fails to offer sufficient control over the use of this potentially private, personal information.
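To make the mechanism the abstract describes concrete, here is an added example (not code from the report, nor from any browser or cookie manager it surveys) of the client side of the exchange: a small cookie jar in Node.js that stores a server's Set-Cookie headers and decides which cookies to send back on later requests, following the Netscape rules for the Domain, Path, Expires and Secure attributes. The host names, cookie values and dates are constructed sample data, and NOW is a fixed clock so the run is deterministic.

```javascript
// Added example, not code from the IBM report: a minimal client-side cookie jar
// modelling the Netscape cookie mechanism. Set-Cookie headers from a response are
// remembered and replayed on later requests whose host, path and scheme match.
// All hosts, values and dates below are constructed sample data.

const NOW = new Date('2001-06-01T00:00:00Z'); // fixed "current time" for determinism

// Parse one Set-Cookie header value into a cookie record.
function parseSetCookie(header) {
  const parts = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: eq < 0 ? parts[0] : parts[0].slice(0, eq).trim(),
    value: eq < 0 ? '' : parts[0].slice(eq + 1).trim(),
    domain: null,   // null: host-only, returned to the setting host alone
    path: '/',
    expires: null,  // null: session cookie, discarded when the browser exits
    secure: false,  // true: only sent over https
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i < 0 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain') cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'path') cookie.path = val || '/';
    else if (key === 'expires') cookie.expires = new Date(val);
    else if (key === 'secure') cookie.secure = true;
  }
  return cookie;
}

// A host matches a cookie domain if it equals it or is a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// A request path matches a cookie path if the cookie path is a prefix on a
// segment boundary ("/account" matches "/account/orders" but not "/accounts").
function pathMatches(requestPath, cookiePath) {
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') ||
    requestPath.length === cookiePath.length ||
    requestPath[cookiePath.length] === '/';
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store the Set-Cookie headers of a response sent by responseHost.
  storeFromResponse(responseHost, setCookieHeaders, now = NOW) {
    for (const header of setCookieHeaders) {
      const c = parseSetCookie(header);
      if (c.domain === null) c.domain = responseHost.toLowerCase();
      // A host may only set cookies for itself or a domain it belongs to;
      // otherwise one site could plant cookies that are sent to another.
      if (!domainMatches(responseHost, c.domain)) continue;
      // Same name, domain and path replaces the earlier cookie.
      this.cookies = this.cookies.filter(
        (x) => !(x.name === c.name && x.domain === c.domain && x.path === c.path));
      // An Expires date in the past is how a server deletes a cookie.
      if (c.expires !== null && c.expires <= now) continue;
      this.cookies.push(c);
    }
  }

  // Build the Cookie request header for a URL, or null if nothing applies.
  cookieHeaderFor(url, now = NOW) {
    const u = new URL(url);
    const matching = this.cookies.filter((c) =>
      (c.expires === null || c.expires > now) &&
      domainMatches(u.hostname, c.domain) &&
      pathMatches(u.pathname, c.path) &&
      (!c.secure || u.protocol === 'https:'));
    // More specific paths are listed first, as the Netscape specification requires.
    matching.sort((a, b) => b.path.length - a.path.length);
    return matching.length ? matching.map((c) => `${c.name}=${c.value}`).join('; ') : null;
  }
}

// Constructed exchange: one response from shop.example.com, then several requests.
function demo() {
  const jar = new CookieJar();
  jar.storeFromResponse('shop.example.com', [
    'cart=item42; Path=/',
    'session=abc123; Secure; Path=/account',
    'pref=lang-en; Domain=.example.com; Expires=Sat, 01 Jun 2002 00:00:00 GMT',
    'old=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT',   // already expired: not stored
    'planted=1; Domain=evil.example.org',            // foreign domain: rejected
  ]);
  return {
    stored: jar.cookies.map((c) => c.name),
    root: jar.cookieHeaderFor('http://shop.example.com/'),
    accountHttps: jar.cookieHeaderFor('https://shop.example.com/account/orders'),
    accountHttp: jar.cookieHeaderFor('http://shop.example.com/account'),
    sibling: jar.cookieHeaderFor('https://www.example.com/'),
    later: jar.cookieHeaderFor('https://shop.example.com/', new Date('2003-01-01T00:00:00Z')),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The demo shows why the report's concern is not academic: once a value like a password or account number has been placed in a cookie, the jar replays it on every request that matches the cookie's domain and path, and the only brakes on where it travels are the Secure attribute, the expiry date and whatever control the browser gives the user over storing and returning it.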

By: Joshua M. Hailpern, Charles C. Palmer

Published in: RC22201 in 2001

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).


Questions about this service can be mailed to reports@us.ibm.com.