McGraw-Hill - $34.95
Update (5/12/2000): Microsoft Internet Explorer browsers for Windows (5.01 and earlier) have a bug that allows hostile code to access cookie information from multiple sites. The initial report is at Peacefire, and Slashdot also has discussion.
The most important thing that cookies do is allow developers to maintain state across a series of transactions. When HTTP was first developed, it assumed transactions without connections to each other. Every document fetch was a separate action, with no record kept of the referring document. Server administrators could examine their logs to see who had visited, but firewalls, dynamic IP addresses, and the scanty information kept in those logs made it difficult to identify invidual users and the paths they had taken through a site. By placing a small "nametag" or other information on the client computer, it's easy to tell if a visitor has been to a site previously, and connect the identity of that visitor to other information kept on the server. Cookies allow site administrators to follow users as they travel through a site, and allow them to store a small amount of information on the client (like the classic shopping basket).
While cookies were initially.developed by Netscape, Microsoft has endorsed them enthusiastically and made them a core part of many of its tools, as well as its web sites. While both vendors use the same cookies, the ways in which they apply them are frequently quite different. Similar tools can use significantly different methods to obtain the same result, while remaining compatible with browsers from both parties. The simple structure of cookies has shielded them from incompatibilities to some extent, but developers will need to know how different servers and different technologies apply them.
In addition, cookies are facing their greatest changes since their early appearances in Netscape 1.1 and 2.0. The Internet Engineering Task Force (IETF) is nearing approval of the controversial RFC 2109, which includes both a specification for the contents of cookies (endorsing and extending the existing Netscape standard) and a rules covering the ways servers and browsers should handle cookies. At the same time, Netscape, Firefly, and VeriSign (with the support of Microsoft, Sun, IBM, HP, and a horde of other computer, financial, and media companies) have proposed the Open Profiling Standard to address many of the privacy and identification issues raised by cookies. Rather than require web sites to ask for information repetitively, OPS starts by having users enter personal information, then releases it (with consent) when requested. While not strictly a cookie, OPS has similar implications and performs many of the same tasks in a more secure way.
Cookies includes coverage of:
Order Cookies from Amazon.com!
Order Cookies from Amazon.co.uk!
Cookies is available in Japanese and Portuguese. The Japanese edition is published by ASCII Corporation, and has the ISBN 4-7561-2012-1. The Portuguese edition is published by Editora Berkeley, and has the ISBN 85-7251-503-8.
Code through Chapter 4 is available, with more appearing each chance I get to update it.