Jon -

The Wiki article gives the general outline of how cookies are supposed to work, but I find some deviations in how Windows handles them. Unfortunately Microsoft doesn't provide much info - that I've found - on the exceptions.

As you've indicated, and as stated by the Wiki article, a session (temporary) cookie has no expiration date and should disappear at the end of the session.

A session should end when your browser is closed, not necessarily when you leave one site to go to another; but it's not clear that Windows always follows that practice.

In some cases it appears that a session cookie is invalid if you leave the site and return, but in other cases it remains until the browser is closed.

I also find a number of session cookies that do NOT disappear completely even after exiting the browser, running Disk Cleanup, and rebooting.

I also find a small number of persistent (with expiry dates) cookies that remain on my machine well after the expiration dates have passed.

The "cookie blocker" in IE generally blocks cookies from sites that do not have an "identity certificate" and/or a "privacy policy" conforming to "Microsoft's standards." When cookies are blocked by IE (and/or by the WinXP firewall), there should be a notice, and you can click on the notice and select whether to "allow for this session only" or "always allow for this site."

The notice and permission you give may also apply to site popups, XML content, etc. Giving permission to a site via the blocker does not appear to "register" the site in the normal place cited above where one manually lists "always allow" permissions.

Microsoft is vague about whether a persistent (with expiry date) cookie accepted during a "this session only" visit remains present for future sessions. Some information implies that one of these "one-shot" cookies may be modifed so as to be deleted at end of session. Any such modification possibly would result in a corrupted cookie, if the cookie remained on the computer. Conflicting (and similarly vague) info appears elsewhere. In general, a persistent cookie downloaded by giving permission via the blocking utilities will NOT be usable at a subsequent session, althoough there may be exceptions.

A number of "add-on" utilities also incorporate cookie and popup blockers. The basic Google search toolbar is one example. Usually if the WinXP firewall and/or cookie/popup blocker objects to something, it's blocked before the Google toolbar sees it. Sometimes a permission given via WinXP allows Google to object, requiring you to give the same or similar permission to the Google toolbar to get the content passed through to your machine. In very rare instances the Google blocker has indicated something blocked, permission is given to pass it, and subsequently the WinXP blocker complains, requiring a second permission.

A number of other utilities incorporate blocking of "undesirable content" of various, sometimes vaguely defined, kinds. Any such utility is at least a "suspect" in a case of unexpected cookie behavior.

The "standard" look at cookies is via Windows Explorer, at C:\Documents and Settings\username\Cookies. In this view, the expiration date is not displayed, so one can't really tell what kind of cookie a given one is.

The alternate place to look is again in Windows Explorer, at C:\Documents and Settings\username\Local Settings\Temporary Internet Files. At this location, one finds all the "temporary internet files," including cookies, and the expiration dates for cookies are displayed.

(The cookies listed in these two places do not necessarily agree with each other, although the differences should be minor. The two listings apparently serve different purposes, although Microsoft assumes you're too dumb to understand those purposes so they don't explain.)

John (pausing to reflect on 42)