Cookies Management

From Nokia Developer Wiki
Article Metadata
Article
Created: User:Aadhar14b (19 Oct 2009)
Last edited: hamishwillee (08 May 2012)

Note: Original article published at http://patterns.littlespringsdesign.com/ (Little Spring) under Attribution 3.0. The link is broken and the original site is no longer available.

Introduction

Cookies are a popular method of preserving state and other context information during a session or between sessions, by identifying users and, sometimes, storing key data locally. Unfortunately, cookie support varies across devices and carriers.

Design

Determine whether each cookie's function can be fully or partially accomplished through the techniques below, or other techniques. If a large portion of the site has an unacceptable user experience after reducing cookie use to its minimum, then perform a cookie test on all possible site entry pages. If the cookie cannot be read on the next page, advise the user of the problem. Most users can download a browser to their phone; Opera Mini runs on all Java ME devices and supports cookies well.

One simple technique is to add user identification data to the URL string and then have the user bookmark the URL string with the ID.


Security

Cookies are, somewhat rightfully, given much grief for security violations. These generally stem from placing identifying information about the user, their preferences or their history, directly in the cookie. A much better method is to place an identifying value in the cookie or URL string instead. Most personalized web services do not require authentication, but just identification. Any preferences or personal information can then be retrieved by the server based on this identifier. When the site must authenticate, the password can be requested from the user at that moment.

Authentication credentials (passwords, SSNs, etc.) should never be placed in cookies or URL strings, even encoded. The identifier string mentioned above should not be the same as any other value used by your company (e.g. phone number or account number) but a unique identifier used for the cookie only.
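
The cookie test from the Design section and the identifier-only cookie from this section can be combined as in the following added example, which is not part of the original article. The names `ct`, `uid`, `cookietest`, `/home` and the in-memory `PROFILES` store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Server-side store: opaque identifier -> preferences. Nothing personal
# is ever placed in the cookie or the URL, only the identifier.
# (Hypothetical in-memory stand-in for the site's real data store.)
PROFILES = {}

def new_identifier():
    """Mint a random identifier used for this purpose only (never a phone
    or account number) and create its server-side record."""
    uid = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    PROFILES[uid] = {}
    return uid

def entry_page():
    """Entry page: set a throwaway test cookie, then redirect."""
    return {"Set-Cookie": "ct=1; Path=/", "Location": "/home?cookietest=1"}

def next_page(url, cookie_header=""):
    """Next page: find the identifier in the cookie or, failing that, in
    the URL; decide whether the user must be told cookies are not working."""
    cookies = SimpleCookie(cookie_header)
    query = parse_qs(urlsplit(url).query)
    uid = cookies["uid"].value if "uid" in cookies else query.get("uid", [None])[0]
    if uid in PROFILES:  # only identifiers this server issued are accepted
        return {"uid": uid, "prefs": PROFILES[uid], "advise_user": False}
    uid = new_identifier()
    if "ct" in cookies:  # test cookie came back, so cookies work
        return {"uid": uid, "prefs": PROFILES[uid], "advise_user": False,
                "Set-Cookie": f"uid={uid}; Path=/; HttpOnly"}
    # Cookie could not be read: advise the user and offer a URL with the
    # identifier that they can bookmark.
    return {"uid": uid, "prefs": PROFILES[uid], "advise_user": True,
            "bookmark_url": "/home?" + urlencode({"uid": uid})}
```

The identifier only identifies the user; when the site must authenticate, the password is still requested at that moment, as described above.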

Applicable Applications

Browsers

Used When

Use for web applications when the universe of browsers is not controlled or otherwise unknown.

Advantages

Many mobile browsers do not support cookies, or do not support them consistently. Some users may have cookies disabled. Other users may have cookies enabled, but their carrier or device may expunge cookies.

Users who have to enter a user name and password two to three times per session of using email will quickly stop using the service.

This page was last modified on 8 May 2012, at 03:19.