
Cookie Hysteria

Cookie Hysteria is the irrational and erroneous belief that HTTP cookies on the World Wide Web are dangerous.

This is wrong for the following reasons:

  • It is very important to remember that a server can only read cookies that it has itself set. A cookie set by vistua.com cannot be read by google.com, for instance. This is because cookies are sent by the browser, not retrieved by the server.
  • Cookies are not computer programs or viruses of any kind. They do not contain executable code and are isolated on the host system. Cookies do not alter the behavior of the browser, only of the server. Cookies are information and therefore non-actors.
  • Cookies are limited in size. Firefox and other major browsers do not allow more than 50 cookies per server to be set and, in practical terms, an individual cookie cannot exceed 4 kilobytes.

Proviso: It is possible for a site to cause a cookie to be set outside of its own domain by including an image from another domain. In this scenario, called "third party cookies", the server sending the image from the other domain sets and reads its own cookies. The server that sends the page that includes the image cannot actually read the third party cookie, or vice versa.

If these sites are operating in close cooperation, however, they could share data with each other by another mechanism. In that case, the result is no different than if the site had set its own cookie. Typical uses for this are outsourcing arrangements (such as when a site uses a third party service for traffic analytics) and cross-domain authentication networks such as passport.net.
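
The scoping described in the list and the proviso above can be observed with Python's standard-library cookie jar acting as the browser. This is an added example, not part of the original page; the `FakeResponse` and `fetch` helpers, the `stats.example` image host and the cookie values are constructed for illustration.

```python
import email.message
import http.cookiejar
import urllib.request
from urllib.parse import urlsplit


class FakeResponse:
    """Stand-in for an HTTP response: CookieJar only calls info()."""

    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers.add_header("Set-Cookie", value)

    def info(self):
        return self._headers


def fetch(jar, url, set_cookie=(), embedded_in=None):
    """Simulate one browser request against `jar`.

    Returns the Cookie header the client would send (None if it sends none),
    then stores whatever the simulated server answers in Set-Cookie.
    `embedded_in` is the page URL when `url` is an image on another site's page.
    """
    request = urllib.request.Request(
        url,
        origin_req_host=urlsplit(embedded_in or url).hostname,
        unverifiable=embedded_in is not None,
    )
    jar.add_cookie_header(request)  # the client decides what to attach
    sent = request.get_header("Cookie")
    jar.extract_cookies(FakeResponse(set_cookie), request)
    return sent


def demo():
    jar = http.cookiejar.CookieJar()  # one browser profile
    page, pixel = "http://vistua.com/", "http://stats.example/pixel.gif"
    return {
        "first visit": fetch(jar, page, ["session=abc123; Path=/"]),
        "return visit": fetch(jar, page),
        "other site": fetch(jar, "http://google.com/"),
        "image, first load": fetch(jar, pixel, ["uid=42; Path=/"], embedded_in=page),
        "image, second load": fetch(jar, pixel, embedded_in=page),
        "page after image": fetch(jar, page),
    }


if __name__ == "__main__":
    for step, cookie_header in demo().items():
        print(f"{step:20} Cookie: {cookie_header}")
```

Each server receives only the cookie it set: the request to google.com carries no Cookie header, the image host gets `uid=42`, and vistua.com gets `session=abc123` both before and after the image is loaded.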


Page last modified on December 01, 2009, at 06:26 PM

Vistua Hub version 3.4 © MMVI-MMIX Vistua.com. All Rights Reserved. All times UTC.

