Create a cookie

In this activity you will create a web page that sets a cookie and then experiment with different ways to protect yourself from cookie tracking.

Step 1: Edit a basic web page

In this activity you will create a web page that sets a cookie and then experiment with different ways to protect yourself from cookie tracking.
  1. Download the basic_page.html file onto your computer by right clicking on the link and selecting "Save As" and saving it somewhere you can find it. You must use "Save As" to save the page, if you click on the link the page will open instead of downloading.
  2. Drag the file onto Firefox (or click on the file if Firefox is your default web browser). You should see a page which just says "This is a very simple practice page."
  3. Open the file entitled "basic_page.html" using a simple text editor such as the ones listed below. Do not use Microsoft Word, if you use Microsoft Word none of the instructions below will work.
    • Windows: Notepad
    • Apple: BBEdit
    • Linux: kwite or gedit
  4. You should see some HTML code and one of the line should say "This is a very simple practice page." Go ahead and change this line to something else and save the file.
  5. Reload the web page on your browser, you should see the sentence "This is a very simple practice page." change to your new sentence.

Step 2: Install a cookie editor add-on and view cookies

  1. On Firefox install: Cookie Manager+.
  2. You should see a picture of a cookie show up in your tool bar in the top right.
    If there is no cookie icon:
    • Click on the menu icon (three parallell bars in the upper right)
    • Click "Customize" in the bottom left
    • Drag the Cookies Manager+ icon to your toobar
    • Click "Exit Customize" on the right at the bottom of the screen
  3. Click the cookie icon and look at the list of installed cookies. The top of the list should have a cookie with a blank site and a name of "username". This is the cookie the basic_webpage.html just set on your computer.
  4. Double click on the cookie and an editor should appear that shows you the name and contents of the cookie.
  5. Try deleting the cookie and then re-loading the page. You should see the cookie re-appear.

Step 3: Change the cookie contents

  1. Edit the web page again. Replace "John Doe" in the line "document.cookie="username=John Doe;";" with some other name.
  2. Save the file.
  3. Reload the webpage, and reload Cookie Manager+.
  4. If you double click on the cookie again you should see "John Doe" change to your new name.
  5. Congratulations, you have now created a web page which can set a cookie.

Step 4: Online cookie setting page

  1. Open a similar page on my website:
  2. This page will ask you to enter your name and then inserts it into a cookie. If you look for the site in the Cookie Manager+ you will see the cookie that was set.
  3. This page will repeat back the contents of your cookie by saying Hello: [Cookie contents here].
  4. Reload the page. Notice that this time it didn't ask for your name, it just displayed it. This is because the page is reading your name from the cookie instead of asking you.
  5. Find at least three ways to make the web page forget who you are. You will know you are successful when the page asks you for your name instead of displaying it to you.

Step 5: Cookies on multiple websites

  1. Open the two pages below, note that they are the exact same page, but located on two different web sites:
  2. Both pages contain:
    • A top message from or depending on which site you are on.
    • A left iframe from
    • A right iframe from
  3. An iframe is a way to put one page inside of another. This is one of the ways advertisements are put into web pages. The website will ask you for your name and store it, the website will automatically pick a number for you to make them easier to tell apart.
  4. Cookies are shared by all web pages on a website. So if you change the cookie contents using the page in Step 4, the pages in Step 5 should also change.
  5. Try making one website forget who you are (not load its cookie), while allowing the other website to remember. How did you do it and what happened?
  6. Try adding 'www' to the front of the web address so that "" becomes "". What happens when you do this? Why does it happen?