Lesson 13: Cookies
How and what kind of information websites are collecting from their users, and especially how they use it, is a hot topic. Often cookies are mentioned as an example of how information is collected and pose a threat to your privacy. But are there reasons to be worried? Judge for yourself. Once you have gone through this lesson, you will know what can be done with cookies.
What is a cookie?
A cookie is a small text file in which a website can store different information. Cookies are saved on the user's hard drive and not on the server.
Most cookies expire (delete themselves) after a predetermined time period, which can range from one minute to several years. But the user can also identify and delete any cookies on his/her computer.
Most browsers - such as Microsoft Internet Explorer, Mozilla Firefox and Google Chrome - can be configured to let the user choose whether or not he/she will accept a cookie. But then, why not just say no to all cookies? It is possible. But many websites would not work as intended without cookies, since cookies in many contexts are used to improve the usability and functionality of the website.
How is information stored in a cookie?
It easy to set or modify a cookie in ASP with 
Response.Cookies . In the first example, we will create a cookie and set the value.
First, you need a name for the cookie. In this example we will use the name "HTMLTest". Next, you set the value of the cookie like this:
<% ' Setting the cookie Response.Cookies("HTMLTest")("Name") = "C. Wing" Response.Cookies("HTMLTest")("interest") = "planespotting" ' How long the cookie should last - in this case one year Response.Cookies("HTMLTest").Expires = Date+365 %>
In this example, we stored information about a user's name and interests. This information can, for example, be useful to target the website specifically for the individual visitor.
How do you retrieve the value of a cookie?
To get the value of the cookie, Request.Cookies is used. For example, if we need the information from the example above, we do it like this:
<% ' Retrieve values from the cookie strName = Request.Cookies("HTMLTest")("Name") strInterest = Request.Cookies("HTMLTest")("interest") ' Write to the client Response.Write "<p>" & strName & "</p>" Response.Write "<p> Your interest is " & strInterest & "</p>" %>
Who can read the cookie?
By default, a cookie can be read at the same second-level domain (eg. html.net) as it was created. But by using the attributes domain and path, you can put further restrictions on the cookie.
<% ' Setting the cookie Response.Cookies ("HTMLTst")("Name") = "C Wing" Response.Cookies ("HTMLTest")("interest") = "planespotting" ' How long the cookie should last - in this case one year Response.Cookies ("HTMLTest").Expires = Date+365 ' The cookie should only be read by fr.html.dk Response.Cookies("HTMLTest").Domain = "fr.html.dk" ' The cookie can only be read by pages in this folder Response.Cookies("HTMLTest").Path = "/tutorials/asp" %>
Example of a cookie
We can try to save a sample cookie on your computer and then see how it looks.
The following code sets the cookie:
<% ' Setting the cookie Response.Cookies ("HTMLTest")("text") = "This text is in a cookie!" ' The cookie should live for 24 hours Response.Cookies ("HTMLTest").Expires = Date+1 ' The cookie should only be read by www.html.net Response.Cookies("HTMLTest").Domain = "www.html.net" ' The cookie can only be read by pages in this folder Response.Cookies ("HTMLTest").Path = "/tutorials/asp" ' Write the information to the client strText = Request.Cookies("HTMLTest")("text") Response.Write "<p> & strText & "</p>" %>
The cookie is being placed on your hard drive. Depending on what operating system you use, your cookies may be saved in different places. Once you find them, they will probably look like this:
As you can see, a cookie is an normal text file that can be open with for example Notepad. The contents of the cookie we have just created will probably look something like this:
We will not go into detail with the different codes, but simply note that the user has full control over cookies on his/her computer.
In this lesson we have looked at what cookies can do but not what they can be used for. It's a common concern that some sites use cookies for inappropriate activities. But in most cases, cookies are used to make sites more user-friendly or relevant for the individual users.
If you choose to use cookies on your site it might be a good idea to tell your users that your site uses cookies. This can, for example, be communicated in a privacy policy or registration process.