Jan 2002, Jörgen Viksell - jorgen.viksell@telia.com, Jorge Arellano Cid -- Last update: March 2010 ================== Cookies in Dillo ================== The current specification for cookies is RFC 6265 ( http://tools.ietf.org/html/rfc6265 ). Cookies are handled by a dpi (plugin) which shares them between your instances of Dillo. Current cookie limits are: 20 per domain, and 1200 in total. When the dpi exits, cookies that you have ACCEPTed are saved to ~/.dillo/cookies.txt, and ACCEPT_SESSION cookies are forgotten. The dpi normally exits after a period of inactivity, but you can force it to exit with the command "dpidc stop". ===================== Controlling cookies ===================== Out of the box, dillo rejects all cookies. If you want to accept certain cookies, you can specify rules for different domains in the file ~/.dillo/cookiesrc. The syntax looks like: #host action DEFAULT DENY fltk.org ACCEPT .host.com ACCEPT_SESSION Line 0: Comment line begins with '#'. Line 1: Deny all cookies from all domains not otherwise specified. Line 2: Accept all cookies from fltk.org, and save them to ~/.dillo/cookies.txt when the cookies dpi exits. Line 3: Accept all cookies from all subdomains of host.com, but do not save them when the dpi exits. If you are positive that you will never want any cookies, you can configure/compile Dillo without cookie support. The option is: ./configure --disable-cookies =================== Cookies & Privacy =================== Cookies can be a severe threat to personal privacy. The pages you visit can be tracked, logged, and associated to a peronal data-record, allowing the possibility of building a detailed profile of your browsing habits. This data is sold to companies that profit from direct use of such information (SPAM, Spying, etc). If this data is cross-referenced with other databases, they can end up with more information than you have about yourself. Some people may tell you this is "paranoid". But please, take my words as those of someone who has written a web browser, a cookies implementation, and who has deep understanding of HTTP and cookies. The dillo project is especially concerned about privacy and security issues. Our advice is to avoid cookies whenever possible and at most set ACCEPT_SESSION to specific, trusted sites. -- You have been warned.