Netscape cookies and how to protect against them

If you have Netscape 3.0 beta, go to "Options | Network Preferences | Protocols" and select "Send an alert before accepting a cookie". To test this, click hereand you'll see the server trying to set a cookie with the name COOKIE and the value COOKIE_MONSTER.

Note that the cookie gets set AFTER the variables are displayed; to see the cookie in the HTTP_COOKIE variable you may need to click on RELOAD.

You can click on CANCEL on the alert to refuse to allow the cookie to be set. Some servers are very persistent; they try to set the cookie for each image in the page as well as the page itself, so you may find yourself doing a lot of mousing to avoid being infected with cookies.

A cookie has five attributes:

For those with older versions of Netscape or a different browser, the cookie alert when you visit Netscape's registration page looks like this:

The server home.netscape.com wishes to set a cookie that will be sent to any server in the domain .netscape.com. This cookie will persist until 17:59:59 Dec 31, 1999. The name and value of the cookie are NETSCAPE_ID = c8372a3e,cf123456. Do you wish to allow the cookie to be set?

Versions of the Apache server seem to set cookies by default. The cookies are a little less Orwellian:

The server whoever.do.main.com wishes to set a cookie that will be sent only back to itself. The name and value of the cookie are: s = hangar2817846812366362. Do you wish to allow the cookie to be set?

Apache appears to construct the cookie value from part of the hostname, IP address, and the current time.

Last modified 2-Aug-1996.