Computer cookies--OK to delete?

Typically the only bad thing that can happen when deleting cookies is that you will be logged out of every online site. It's not at all a problem when you know all the passwords but in cases where you don't that might be a bit annoying.

So in short, deleting cookies isn't usually harmful at all. Then again, having them is almost never harmful, and sites shouldn't care about how many total cookies you have typically either.

Here are instructions on how to delete them IE cookies through IE, which is easier and better than going through windows explorer to find them:

http://support.microsoft.com/kb/278835

A free program such as CCleaner will delete cookies with a click. You can easily indicate which cookies you would like to keep. i.e. A2K etc. so that you do not loose automatic logons etc.

An excellent program. I first tried it after Timber mentioned it in one of his many helpful posts.

Robert, is it possible for a cookie to provide information to the site that cookied you about any other activities that go on on one's computer?

Not unless your computer is already compromised, and in that case it would be easier for the malware to just phone home. That's the long answer, the short answer is really: no.

It's just a text file and doesn't hold much information (each request to the server that originated the cookie sends the cookie, so by necessity it needs to be very small). Usually it will just contain a unique numeric id that the site uses to reference data stored at the site.

For example, a2k uses a cookie that just contains your session id, which is just a long random string of numbers and letters that is tied to a session on our end.

The way the internet is designed is "stateless", which means the core protocols weren't meant to store "state". Each request was anonymous and blind to previous requests.

Storing "state" means stuff like knowing that you are logged in (instead of requesting a login on every page load) and cookies are just a way to store application state.

So as an example, when you log into a2k it sets a cookie with your session id, and with each request the server looks for that session id and if it exists and matches what you sent it keeps you logged in. There is another cookie (autoLogin cookie) that stores your login to automatically log you in if your session dies.

Browsers are configured to only let the domain that set the cookie read the cookie, so each site can only read the cookies on its own domain by default. It's theoretically possible to put malware on someone's computer that circumvents this kind of restriction but if you can do that you already have full control of the computer and you don't need to use cookies to get the information out.

But to generalize your question a website can do limited things to tell whether you have visited a particular site. For example, if you have a site in your history the "visited" links are often a different color. A site can link somewhere and then use javascript to check what color the link is and this way detect whether you've been to that particular url. It can't search your history and has to load a list of links to check. Here is a proof of concept:

http://www.debugtheweb.com/test/cssvisited.htm

Thanks for the cookie info. If I clean out the cookies, I assume there will be more room in the computer. Don't know if it's worth going through those zillion cookies, though.

I must ponder.

Yes, I agree with Roberta; thank you very much for the thorough explanation, Robert. You've enAdme2K.