I’ve always looked at cookies as a mixed blessing. There’s little doubt that cookies can be handy. For example, I have absolutely no idea what my user name and password are for the TechRepublic Web site, but I don’t have to know because the Web site uses a cookie to automatically log me in when I visit. However, there are a lot of other sites out there that you probably don’t want placing cookies on a user's machine. So, to help you manage cookies for your organization, I’ll discuss how Internet Explorer 6 (IE6) deals with them.
|The Delete Cookies button allows you to quickly remove all of your cookies.|
The Privacy tab
As you might recall, IE5 relied on security zones for privacy. So, the way that IE5 dealt with cookies was based upon the security zone that a Web site fell into and the security settings for that zone. For example, by default, the Internet zone is set to use a Medium security level. Under the Medium security level, cookies and per-session cookies are permitted. Even if you apply custom security settings, cookies are either allowed or not allowed depending on your setting in that particular security zone. There was no option to gain tighter control over cookies.
Notice in Figure A that the Internet Options sheet contains a tab called Privacy that didn’t exist in IE5. Although IE6 still uses the concept of security zones, it has moved cookie control from the Security tab to the Privacy tab.
|You can use a simple slide bar to set the level of privacy you desire.|
Custom privacy policies
Cookies on individual Web sites
At the bottom of the Privacy tab is an Edit button (see Figure B) that you can use to override cookie handling for individual Web sites. When you click the Edit button, you’re presented with the Per Site Privacy Actions dialog box, as shown in Figure D.
|The Per Site Privacy Actions dialog box allows you to manage cookies on a per-Web-site basis.|
If you later decide that a permission or denial was inappropriate, you can get rid of it by selecting it from the list of managed Web sites and clicking the Remove button. You can also use the Remove All button to completely clear the list.
The future is in P3P
Notice in Figure C that one of the check boxes is labeled Override Automatic Cookie Handling. At first you might not have thought anything of this wording. However, IE really does perform automatic cookie handling.
Automatic cookie handling is based on the P3P protocol. P3P is an Internet standard that is still under development. The idea behind this protocol is that based on minimal input from the user, P3P allows the computer to make complex decisions on the user's behalf.
But P3P wasn’t just designed to handle cookies. It can be used to control the settings for the entire Internet experience. Therefore, you can expect the P3P code in future versions of IE to grow increasingly more complex as more and more policies are controlled by XML code.