[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8. Cookies

HTTP is a stateless protocol which means that the server sees every request for pages independently with no idea of how it relates to any other request. Therefore the server has no idea whether or not you've seen a page before, or whether you've registered (if that's an option). Cookies(2) are used to add state to HTTP sessions. Cookies are defined in RFC2109.

Cookies are saved in the file specified in url-cookie-file, which is w3-configuration-directory/cookies by default. Note that this file should probably not be world writable, and possibly not even world readable.

Some people see cookies as an invasion of privacy while others see them as a product of badly designed websites and buggy servers. Emacs/W3 lets you unconditionally reject all cookies by adding cookie to url-privacy-level or setting it to paranoid (see section 7. Security) but for those who want finer control over what to accept and reject, Emacs/W3 offers url-cookie-trusted-urls and url-cookie-untrusted-urls which are lists of regular expressions that match URLs from which cookies should be accepted and rejected respectively. If a URL matches patterns in both of these, then Emacs/W3 decides whether to accept or not based on the most specific match (the most specific match being the shortest match). Note that Emacs/W3 only considers the first match for each variable, so the regular expressions should be in increasing order of generality.

For even more control over which cookies are accepted, you can set url-cookie-confirmation to non-nil, in which case every time a cookie is offered Emacs/W3 will ask if you want to accept it. This only applies to cookies that would otherwise be accepted, Emacs/W3 will still reject cookies from URLs matched in url-cookie-untrusted-urls.


[ << ] [ >> ]           [Top] [Contents] [Index] [ ? ]

This document was generated by XEmacs Webmaster on October, 2 2007 using texi2html