About a week ago, I was poking through my browser preferences for some reason or another, and I decided I would try turning off my cookies completely for a change. I’m not a privacy advocate or paranoid by any means, but I do like to blacklist the obvious ones that are going to advertising sites, just because I hate ads, mostly.
I figured I would have a lot of problems with sites yelling at me for not having cookies enabled, but in fact its been quite the opposite. I’ve only had one site so far croak on me (Circuit City) even when I modified the permissions manually. Other than that, since then I’ve only had to allow about five other sites to set cookies as well. It’s been pretty nice.
I realize that there are other ways of course to track my clicking habits and browser history server side, but at least I made it a little harder for some of them.
My other pet peeve is that so many websites do set cookies. Why do they need them? And then there’s the websites that set dozens of them for no apparent reason. It’s just odd when you think about it.
Sadly, HTTP doesn’t leave many avenues of session management.
Either one has to use cookies to pass a session ID on the client, or it has to be passed in GET/POST variables. Since you can’t pass a POST variable in a hyperlink, this means GET variables, which leave yourself open to session hijacking. (as people can simply copy & paste the URL)
I know cookies are frequently abused, but how else does one accomplish some of these other tasks?