Creating and Using Cookies
What Is a Cookie?
You've seen the benefits of global variables in many places so far in this book:
Within a single page, a global variable saves coding by making the variable's value available to all the statements, functions, and scripts on that page.
Within a frameset, global variables in the frameset page enable you to "store" values that are accessible to scripts within not only the frameset page, but also within all of the child frames.
Unfortunately, when the user navigates to a different page or frameset on your site, or when the user leaves your site and returns later, the values stored in all those global variables are lost forever. If you want to store data such as user preferences, ordering information, or user names and passwords, you need some way of creating a truly "global" variable that maintains its value across pages and across browser sessions.
In the simplest terms, a cookie is just a chunk of text that is stored on the user's hard disk. Where the cookie gets stored depends on the browser and on the operating system:
The Windows 9x versions of Internet Explorer store each cookie is a separate text file in the Windows\Cookies folder. In Windows 2000 and XP, the file is in the Documents and Settings\UserName\COOKIES folder (where UserName is the current user's Windows login name). The file usually takes the name UserName@Domain.txt (where Domain is the domain name of the site that saved the cookie). On the Macintosh, Internet Explorer stores the cookies in a file named cookies in the SystemFolder:MS Preference Panels folder.
Netscape stores each cookie as an entry in a single text file. In Windows, the file is named cookies.txt and is located in the Netscape\Users\UserName\ folder. For the Macintosh, the file is named MagicCookie and can be found in the System Folder:Preferences:Netscape Users:UserName folder. (In both cases, UserName is the current user's Netscape profile name.)
This simple cookie will serve you well for many uses, but, as you'll see a bit later when I show you how to set a cookie, you can also create more advanced cookies that have expiration dates and other useful features.
The other important cookie crumb that you need to bear in mind is that all cookies are site-specific. That is, your scripts can read only the cookies that have been created by pages on your site. Similarly, scripts on other sites can read only their own cookies. It isn't possible for one site to create, read, change, or delete cookies that belong to another site. In this sense, cookies are a perfectly secure mechanism for storing data.
In a different sense, however, cookies are anything but secure. As you'll see a bit later, cookies are stored on the user's computer as plain text. This means that if you store sensitive data such as a password or credit card number, anyone who has access to the computer also has easy access to this data. Later in this article, I'll show you how to encode or encrypt cookie data for a higher (but still not perfect) level of security.