Look at Charles Yeoman's post. This is just one of very many packages. It works. It's relatively accurate.
And I don't understand your other comment. Site's can't request cookies. It's quite the opposite, the browser sends the correct cookies *to* the site. So when I make a request to Amazon, they can send a cookie back in the response headers, and the browser stores it. When it sends another request, the browser is responsible to looking up which cookies match the domain, path, expiration, security, etc and send back *only* the ones that match. So like I said, cookies can be sent to the browser for any domain. The browser *should* do some sort of matching to ensure cookies from different domains aren't set, but we can't guarantee that. So, yes, I can *request* that a cookie be set to realbasic.com and "lazy-browser x" may accept it. But when the next request is sent to my site, unless the browser is completely stupid and doesn't know how HTTP works, I'd never get that cookie back. Quick Question, not meant to be snotty, so please don't take offense. Do you know the Hypertext Transfer Protocol? I do. This kind of stuff is what I do. I'm a web developer first, and a REALbasic developer second. I've written a very nice HTTP Server for REALbasic. I know how this stuff works. I'm not trying to argue with people, but I am trying to clear up misconceptions. My PC (I'm not including all my Macs because they don't get into trouble anyway) runs very light antivirus software. I actually use MSIE and accept all cookies. Once in a blue moon, I run a more detailed search of the computer. I don't have problems, never anything. Cookies are not evil! Amazon.com *cannot* get a cookie from REALbasic.com without the user running a completely ridiculously stupid browser that would send *every* cookie they have to *every* page they visit. There is one major point to remember: Cookies are not requested by the website. They are sent to it by your browser. Javascript breaks this rule a little, but would still behave the same way - again unless the browser is wrong. The biggest misconception is that websites request cookies from the browser. Javascript aside, this is just plain wrong. Javascript still runs by the same rules, but if you want to protect yourself, turn off Javascript *before* denying all cookies, it'll do you far more good - though still very little good in the grand scheme of things. Hell, simple images are more of a risk than cookies. I'm going to stop arguing fact. I've already wasted enough of this mailing list's time. Anybody that feels like responding, please do it off list. -- Thom McGrath, <http://www.thezaz.com/> "You don't need eyes to see, you need vision" - Maxi Jazz in "Reverence" by Faithless On Apr 30, 2007, at 3:27 PM, Adam Shirey wrote: > Not always. I have flushed out cookies from my browser that contained > my zip code. Furthermore, I have also seen advertising that identifies > me as being from one of two cities -- St. Cloud, MN, being one of > them. A simple IP lookup would almost certainly have resulted in this > hit, as this is a relatively large location in terms of Internet > infrastructure in my geographic location. There is virtually no chance > an IP address lookup could zero in on the city in which I live, > especially since it is only several hundred people and no tech > business (compare to the aforementioned city of tens of thousands of > people and a number of tech companies). > > Eliminating IP lookups, cookies storing zip codes is the only logical > answer. Certainly IP lookups are possible and are likely done more > than zip codes, but my point is that it is not only possible, but it > does happen. _______________________________________________ Unsubscribe or switch delivery mode: <http://www.realsoftware.com/support/listmanager/> Search the archives: <http://support.realsoftware.com/listarchives/lists.html>
