The Case for Fat-Free Cookies

I have configured Netscape 4.7 to alert me when a web site wants to set a cookie. It’s easy to edit this file on the Mac, butI find it interesting to observe cookie behavior rather than edit the file.

Probably only a more experienced or “geeky” web sitevisitor will have this configuration. Nevertheless, Cookie Central reports that online privacy is a major web policy issue — just ask DoubleClick if you have any doubts.

Even if privacy is not an issue, I’ve discovered ways that administrators can make life more pleasant (or the converse) by how they manage “state.” Far too many web sites are laden with cookie calories — time to put them on a diet!

The Gratuitous Cookie
Am I the only person who has wandered into a web site that wants to set a cookie for each-and-every-image on the web page?

Last week, I counted 39 requests to set a cookie … on an image … for WebTrends! The most annoying part of this scenario, of course, is that it’s impossible to exit the web site until the entire sequence of cookie requests has been executed. That is, unless you are willing to force-quit the browser.

I do not know if this is a default configuration setting in WebTrends software — or the result of an over-zealous administrator or marketing director. Since the WebTrends web site wants to set about a dozen cookies prior to entry, who knows where the culpability lies. The result, however, is the same: I run away screaming, never to return.

The Never-Ending Cookie
Many cookies have no “expiration date” — which means that they will expire with the current session. However, some administrators think that our love affair with their web sites will last longer than the average U.S. marriage — much less the lifetime of many dotComs!

For example, J2 Communications (formerly JFax) wants to set a rash of cookies before you enter the site. One expires 1 January 2038:

Not to be outdone, online retailer BestBuy.com also tries to set many cookies before there’s a thing in my shopping cart. One is a cookie to test if cookies are “on.” One is set to expire in 2036:

Make your time parameters realistic! Most should probably be session variables only — with exceptions noted next.

The (True) “We’re Doing It For You” Cookie
When I visit the New York Times or the Wall Street Journal, I want those publications to remember me — not to ask me to login each time I visit or each time I try to read a new article.

At Outpost.Com or Amazon.Com — I want them to know who I am when I get ready to checkout — and I want all my items to stay in my shopping cart until I do checkout.

Same thing when I visit my Yahoo.Mail account — ask me for my password for each session, but remember who I am between sessions, please. [eBay — take notice.]

In each of these cases, the web site is providing me with a timesavingoption — and it does so with a minimum of “cookie setting” and hassle.

The (False) “But We’re Just Doing It For You” Cookie
Contrast that with a visit to the J2 web site with cookiesoff. Here’s the “oops, sorry” greeting – with cookies off, you cannot evensee the home page!

What are the cookies that I have passed up — cookies that will make using this site “more convenient”?

1. Test Cookie (really)
2. Seen Demo (expires in 27 years – 2038 )
3. Gobbledygook (see for yourself)
4. Flash=5 (expires in 12 months)
5. Has Flash (expires in 12 months)
6. Netscape=4 (expires in 12 months)
7. OS=MacPPC (Hardware defined as Operating System)
8. Unix=no (no Linux on this machine)
9. Mac=no (wrong, this is a Macintosh)

Why a test cookie? Here is the programmer documentation in the source code — if it fails, then what?

<!--//Set test cookie for jsource login
SetCookie ("jfaxcookietest", "1", null, "/", ".j2.com"); -->

Why do I need Flash? The mouseovers on the home pagenavigation trigger a Flash file instead of GIFs or JPEGs. One “image” to download instead of four — but the movementis jerky, and I must have the plugin. Please help me understandhow that has made my visit “more convenient.”

Why a cookie that says I’m using Netscape? This informationis in server logs for statistical purposes. Most sites that wantto serve different versions for different browsers use Javascript detect code. This site uses Javascript to set the cookies and still has the standard browser detect Javascript code embedded. I’m not opposed to relevant redundancy, but this set makes me ask “Why?”

Why three “operating system” cookies? It is their architects who have elected to identify this G3 hardware as “operating system” (not me). This machine is most definitely a Macintosh (unless Macintosh in this casehas been defined to mean “nonPPC Macintosh”). And although I could be running some variant of *nix, I’m runningMacintosh OS9.1.The overriding (and unanswered) question, however, remains “Why is this informationbeing captured in cookies? What’s in it for me?”

Contrast that (and the BestBuy.com site) with Outpost.Com — where one session variable serves up a site that is much more complex than J2’s (and they finally have human-readable URLs, too!).

Bottom Line
When there is something in it for me — I’ll glady accept cookies, and in this I think I’m representative of much of the “experienced” Net population.

But time-insensitivity, gratuitous cookie-setting, and an over-inflated regard for bells-and-whistles add up to poor customer experience. And lend credence to the spate of privacy concerns associated with cookies.

Put your web server’s state management on a diet — change to fat-free cookies today!

Referenced URLs

• BestBuy.com
• CookieCentral.com
• J2 Global Communications
• Outpost.com
• Web Trends