If you frequent Internet newsgroups or keep yourself informed of technology news through Web-based media, you've probably heard quite a bit about cookies. No, I'm not talking about cookies of the oatmeal-raisin variety, I'm talking about Client Side Persistent Information.

Why would a Web site write a cookie to your browser? The simple answer, and the reason cookies were created in the first place, is that cookies improve the efficiency of the relationship between a particular person's Web browser and a Web site. Cookies help a Web site remember you from previous visits, and this information can be used to personalize your surfing experience — potentially making it more productive or enjoyable. Cookies also enable Web sites to:

• track quantitative data on the most-traveled parts of a site, and those areas which are less popular
• help site builders understand the user experience on their site
• store personal information that you have provided to that site on a Web form
• save your password information so they can verify who you are when using a service (such as Hotmail)
• provide online shopping so you can select items and place them in a "Shopping Basket" (which is really a "cookie basket")
• personalize your browsing experience with Web site greetings such as "Hi, Bob, Welcome back to my Web site! This is your 3rd visit."

A cookie is a coded piece of information written by a Web site, containing information about the preferences you exhibited during your visit to that site. Like Mail and Favorites, this information is stored internally on our servers for you. The next time you request the URL for a site that wrote a cookie to your browser, the http request includes your cookies — which can only be read by that site.

All cookies contain a few standard pieces of information: the domain, name, path, lifetime and value of the cookie. The name and value of a cookie represent the user-specific information a site wishes to store. The path tells the browser which parts of a Web site should be able to read a specific cookie, while the domain field tells the browser on which server(s) the cookie is located. The lifetime or expiration of a cookie determines the length of time a cookie remains on our internal servers. Web sites can set the expiration of a cookie for the time when a user quits their browser (these are called session cookies) or for some time in the future. In the case of a WebTV, session cookies expire only when a user turns off their terminal or switches user accounts. The creator of a cookie determines the expiration value, and whether or not they employ session cookies.

Clearly, not all Internet citizens are happy about the fact that some Web sites are tracking visitor preferences and using this information to manipulate sites accordingly. In fact, many Internet users view cookies as a direct threat to individual privacy. Exacerbating this perceived threat is the notion that cookies are not only used internally among Web sites and Internet content providers to improve and tailor their sites, but are now also widely used as tracking devices by advertisers and commercial Web sites. These advertisers and commercial sites use cookies to target products and services for particular consumers. The debate over cookies as a threat to privacy and Internet security continues to rage. As with most concerns over privacy related to the Internet, a common sense approach will go a long way toward easing your fears. Neither cookies nor Web sites can access your mail, Favorites, or any personal data. The function of cookies is to store data that you have provided to a Web site. If you volunteer sensitive information on a Web site form, that site may save part or all of this information to a cookie. In other words, the only sensitive information that should end up in a cookie is information that you choose to provide.

Here are a few of the most commonly-asked questions we receive about cookies:

Q. Is WebTV tracking my movements through cookies?

A. WebTV does not use cookies to track users' movements through the Internet.

Q. I heard I can get a virus through my cookies. Is this true?

A. Cookies are simple chunks of text, and because these files are not "executable" there is no danger of the transfer of a virus through cookies. Because WebTV cookies are stored securely on our internal servers, they cannot be attacked by a malicious third party.

Q. Why not store information about specific visitors (or browsers) on the client side of this relationship? In other words, why doesn't the Web site store cookie information instead of writing it to our browsers?

A. It's not feasible for Web sites to store this information. Just imagine the amount of storage space it would take to store preferences for every browser that visited a popular site. The idea of keeping cookie information on the individual client's browser represented a major breakthrough in improving the efficiency of the relationship between a user and a Web site. Also, cookies allow Web sites to identify you without your having to register and provide a password.

Q. What is the difference between a "static" and a "session" cookie?

A. Session cookies expire when a user turns off their browser, or in the case of WebTV, when that user powers off their terminal or switches user accounts. These kinds of cookies are used mainly to track popular portions of a site, and aid developers in enhancing those elements of a site which are most widely used. Static cookies are set to expire at a certain time (defined by the programmer), and will still exist after you turn off your terminal or change users.

There is plenty of information on cookies available on the Internet. If you wish to read more, try doing a search for "cookies" on your WebTV (you'll need to disregard, or maybe save for later, sites devoted to homemade chocolate chip cookies and the like). You can also visit the following sites:

Cookie Central

Andy's HTTP Cookie Notes