Typically, each time a browser requests a URL from a web server the request is treated as a unique transaction. This means that subsequent requests from the same browser will appear to the web server as completely independent requests without any correlation. In order to establish a relationship between requests, web servers and browsers send what are known as cookies[5] with each transaction. A cookie is a small piece of information generated by a web server to uniquely identify a browser. When received, a browser will store the cookie in memory (and possibly on disk) and return it to the server with each subsequent request.
Many web server applications make use of cookies and fail to work properly if cookies are not supported by the browser. These applications include virtual shopping carts and web site personalization. Cookies can also be used to remember information a user may have already provided such as their name, favorite color, phone number, or zip code. By storing this information in a cookie, a web site can display pages with a user's favorite color or even with the user's local time and temperature.
While cookies can serve many beneficial purposes, they can also be used to reveal a lot of information about web users. A good example of this is how the DoubleClick Network, a commercial advertising system, uses cookies. Web sites register with DoubleClick to include advertisement banners in their web pages. A banner is usually a single (animated) image that appears near the top of a web page. What makes the banner different from other parts of the web page is that it is not downloaded from the current web site. Instead, the banner is downloaded from a DoubleClick server, and that request carries a DoubleClick cookie. At first glance, the cookie received from DoubleClick may seem innocuous, especially when only considering a single web site. However, when the same process is applied to hundreds of web sites, the cookie becomes very significant. Not only does the cookie inform DoubleClick that a user has visited one web site, the single cookie can be used to track the user across hundreds of sites. With each site visit DoubleClick learns more about each user while building its extensive user profile database. Applying this to the earlier grocery store example, if every grocery store were a client of DoubleClick, that shopping cart filled with previously purchased items could be waiting in stores a customer has never visited.
Cookies were originally designed by Netscape and support for them was initially included in Netscape 2.0. Cookie support could not be turned off and the presence of cookies was completely hidden from the user. As awareness and complaints regarding cookies grew, Netscape 3.0 added the ability to turn support for cookies on and off. Also included was a cookie dialog box which would ask the user whether or not a cookie should be accepted. The dialog box may seem like the ideal solution but in practice the user is bombarded with questions and usually frustrated enough to simply enable cookies. In what seems to be a direct attack on the practices of the DoubleClick Network, Netscape 4.0 includes a feature to only accept cookies from the originating web server. This prevents cookies from being sent to DoubleClick for its banner images.
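The banner tracking described above and the effect of accepting cookies only from the originating web server can be compared in a small simulation. This is an added example, not code from Netscape or DoubleClick; the host names, class names and the simplified cookie jar are assumptions made for illustration.

```python
# Added illustration: a toy browser cookie jar, not any real browser's code.
# All host names below are constructed placeholders.
import itertools

class AdServer:
    """Third-party banner server that records where each cookie ID was seen."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}          # cookie id -> sites the banner was shown on

    def serve_banner(self, cookie, referring_site):
        new_cookie = None
        if cookie is None:          # unknown browser: issue a fresh identifier
            cookie = new_cookie = f"id{next(self._ids)}"
        self.profiles.setdefault(cookie, []).append(referring_site)
        return new_cookie           # value to set as a cookie, or None

class Browser:
    def __init__(self, originating_server_only):
        self.originating_server_only = originating_server_only
        self.jar = {}               # host -> stored cookie value

    def visit(self, site, banner_host, ad_server):
        # The page comes from `site`; its banner is fetched from `banner_host`,
        # and any cookie already stored for that host is returned with the request.
        set_cookie = ad_server.serve_banner(self.jar.get(banner_host), site)
        third_party = banner_host != site
        # Policy check: drop cookies set by a host other than the page's own.
        if set_cookie and not (third_party and self.originating_server_only):
            self.jar[banner_host] = set_cookie

def longest_profile(originating_server_only, sites):
    """Return the largest number of sites the ad server can tie to one cookie."""
    ads = AdServer()
    browser = Browser(originating_server_only)
    for site in sites:
        browser.visit(site, "ads.example", ads)
    return max(len(seen) for seen in ads.profiles.values())

SITES = ["news.example", "shop.example", "travel.example"]  # constructed

if __name__ == "__main__":
    print("accept all cookies:     ", longest_profile(False, SITES))
    print("originating server only:", longest_profile(True, SITES))
```

With all cookies accepted, every visit is filed under one identifier; with the originating-server policy the banner server issues a fresh identifier on each page and cannot join the visits through the cookie.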