Cookies are far from that and I would like to take a minute to to explain why they not only your friend but are essential to all the interactive websites you visit.
Mail ordering from a tent
HTTP is what's called a stateless protocol. This means that the server (website) never binds with a web-browser. Getting a page from a web-server is a bit like mail-ordering something - you're never actually in the shop, you just send over a request for a copy of The Half Blood Prince tout de suite. Because you're never in the shop, the shopkeeper doesn't know what you look like and won't recognise you the next time you order something.Now a bricks-and-mortar shop will obviously be able to recognise any repeat mail-orders by their address. On the web though, your address is constantly changing. Your cyber-address is about as helpful as the physical address of a backpacker - not very. The webserver knows where you are at the instant you call but when you contact it again, it's got no way of recognising you.
Life as an anonymous
When we first login to our online email we take it for granted that we'll still be logged in when we read our next email. Without any fixed address or way of identifying us though, how does Hotmail know that the request for my next email is from me and not Joe Schmoe@hotmail.com wanting to know what juicies my girlfriend has sent me? Hotmail either needs me to login every time I request a new page or it needs a way to identify me as being the feller that logged into my account two minutes ago.Who wants to login every time they change pages? Not me, so lets look at the second option: how do we identify ourselves to the server? One possible way to solve the problem would be for every computer to have a unique, fixed address. Great, except that www.dodgydealers.com can read your fixed address just as easily as www.hsbc.com and can then wander to www.hsbc.com, use your address to masquerade as you and take allyourlifesavings.cash. Another plan is called for.
I'll be in the beergarden
Think of the humble webserver as a bit like an overworked but jolly pub landlord taking your food order. You go up to the bar, pay for your food and then head out the back to enjoy the sunshine and peacocks. Your food order disappears into the kitchen and when the lasagne has been duly defrosted, microwaved and garnished with iceberg and a radish it's given to a waiter whose job it is to find you.How does the waiter know that you are in fact the purchaser of said lasagne? He could of course ask - "excuse me, is your name Peter and would you like me to give you lasagne and chips" but it's hardly the have/know/are approach to authentication.
Star of The Saint
The Trout in Oxford has a developed an effective and efficient method which works like a charm no mattter how crowded the pub gets (and it gets very crowded) or how many people are ordering. They use a spoon.You place an order and you get given a big wooden spoon with your order number on it. You stick it in a bottle on your table and when the waiter comes round, he can read your order bumber and reliably identify you as the legal recipient of one Beef Wellington (no microwaved lasagne here my friends).
The cyber-spoon
The web has a spoon system too except because TCP/IP is not particularly sympathetic to spoon-delivery, websites use little text-files instead.Like the spoon, these files are given to you by the web-server (landlord) and you store them on your computer (stick them in your bottle). The web-server can write anything it likes into that file and most servers will simply use it to allocate you a unique ID (order number) so they can remember you.
Every time you go to that web-server your computer automatically sends the file with your request (shows it to the waiter). The beauty is that only the server that initially gave it to you can see it. No webserver can see the file that Amazon gives you and Amazon can't see the files that any other webserver gives you. That file is a cookie and she wants you to like her.
Cometh the hour, cometh the little text-file
Far from being harbingers of evil, cookies are in fact a very elegant, anonymous and powerful solution to a very real problem. From a web-server's perspective, your cookies are your identity and your reputation. Without them, you're no more trustworthy or recognisable than the next man.Without cookies it would be impossible to have persistent logins*. Every refresh of your webmail, your banking, your Amazon purchases or your snaps on Flickr would require you to login again. That's right - every single new page would require your username and password.
Come and meet your new friends
Cookies are fundamental to how the web works and are an essential piece of its architecture. Without them we would be left with higher web-dev costs, and both less secure and lower-quality applications.Arguing that we should get rid of cookies is about as helpful as arguing that spoons are bad because the Trout knows which bill to add your pudding to. You may well moan that the spoon is merely a conduit to the inescapable and pervasive nature of 21st dessert-marketing. You may do but you won't with me, it's not an argument I find interesting. I am however interested in you knowing that without the spoon, you'd never have had your Beef Wellington.
* I realise that there logins can be achieved using the URL but there are a lot more very real security, architecture and reliablity problems associated with this approach than with cookies.
