Using cookies
Not all browsers can accept cookies and in many cases the users do not want to. Some will not accept cookies unless they are using Internet banking or online shopping because they feel that people leaving cookies on their computer and tracking them on the Internet is an invasion of their privacy. If at all possible, your sites should not rely on cookies. For login purposes, there is HTTP authentication, which is more appropriate than cookies in most cases. If you provide online shopping, your site can work without cookies too, by using a session ID that ends up in the URL. If you insist on using cookies, at least give a proper response saying why they cannot view your site.
Note also that European law requires sites to gain explicit permission before using cookies, unless those cookies are essential to the operation of the site (such as a shopping basket).
Try to minimise the number of cookies your site sends. If it tries to send over three, then you should find a different way. If you have cookies on prompt, it can be very annoying to have to accept or reject lots of cookies.
For the same reason, try not to resend cookies that have already been accepted. This is particularly noticeable on sites that use cookies as a session ID. It is usually unnecessary to send a cookie with each page that is viewed. If your cookies are set to expire quickly, say every 10 minutes, consider the following solution. Set the cookie on the first page that is viewed. At the same time, make a note of the time. If the person views any pages in the next 5 minutes, there is no need to resend the cookie. When they view a page after the 5 minutes, resend the cookie and again make a note of the time. Repeat as necessary. This way, the user will only have to accept one cookie every 5 minutes.
Last modified: 11 May 2011