This time around it's web cookies! I still get really bizzare email from people that are quite convinced that web cookies caused the collapse of the Roman empire and free trade as we know it. Seems like it is time for a prolix cookie discussion, to go...

_________________

hat is a web site? A standard low tech web site is just a collection of interlinked static documents. Your visit, as a web browser, basically just involves a request of a single page and the content on it. This really is an isolated event - you can jump into the middle of the web site, view a page and leave. Or you can make another request. Each request is a separate, autonomous action with no dependencies or assumptions.

Computer software is a different ball game. There is very specific initialization code that has to run to allocate memory, open data files, draw the user interface, and to prepare to interact with the user. You simply can not skip the initialization code and jump into the middle of the program like you can do in a web site.

Software generally needs to understand what came before the current action and what will follow. Can't display a menu until the window is created. Can't print until a document is available, and can't exit with an unsaved document loaded, for example. This requires that the software keep up with the 'data space,' your actions, your input, the state of the machine and its devices, and on and on. A typical web site has no short term memory. Thus you just get dumb text documents.

Get a tiny bit more sophisticated and you move into CGI programs that still can't remember you from one moment to the next. This is not 'remembering you' in the marketing data sense -- the software doesn't know that it has initialized once, doesn't know what you've seen, doesn't know what you need next. CGI programs simply generate a web page and terminate. Turn the page in a CGI catalog or shopping cart and the software has to be restarted with each page turn. CGI software basically can not 'maintain state' and does not have 'persistent storage' to allow it to function like 'real' software.

This is so fundamentally necessary to create software that I can't stress it enough. Imagine going to work each day, returning home, and having your spouse COMPLETELY forget who you are EVERY time. If the goal is to share the same bed in the evening then you have a lot of talking to do!

continued on right

Unfortunately much of the free world can read this post-it note and there isn't much room for creativity. A baby step beyond this model is to send a cookie to the browser with the data in it. This cookie can be temporary (memory only) or longer lasting (saved to disk).

Whew, sorry this is almost over. You really can't save much in a cookie. A better approach is to blow off CGI all together. Create special server software that can continue running after shipping a web page to the browser and thus can maintain data between requests/clicks. Because it handles many users at a time, the 'state' of your version of the software is stored on the server under a special ID that is created when you connect. That ID is shipped to you on a cookie. The next request you make is then put 'into context' because your ID informs the machine to restore your relationship without asking you to go through the mating dance again.

Major zzzzzzz's out there now! Okay, for those 'tons of cookies' web sites. Chances are great that the site designer did not design or request A SINGLE cookie be sent to you. What s/he did was use a more sophisticated solution like Microsoft Active Server Pages (ASP) to create an interactive, intelligent web site for you. When you connect to the ASP web site there is an initialization process that is run that can direct you to the entry pages, sets up the software for you, creates the ID you need to let your spouse remember you when you knock again in 2 minutes, and hands you the ID automatically on a cookie.

hen you get a cookie alert on these sites, and refuse it, you force amnesia on the server. The software can't function like that, can't recall initializing, and sends another cookie because it thinks you are somebody new. Refuse, and you are again new. Basically the server won't get tired of starting new sessions for you before you get tired of rejecting cookies. So there aren't tons of cookies -- just accept one and you should be off an running.

For those that imagine finding Big Brother or Big Marketing behind cookies I'd simply suggest improving your understanding of the technology and its uses. Cookies hopefully will just be a temporary fix for a very real design issue for programmers but for now they enable some of the best sites on the web.