that's a lot of cookies, mefi... December 7, 2009 2:49 AM   Subscribe

that's a lot of cookies, mefi...

I was deleting my cookies today (hello, doubleclick) and noticed just how many of them come my way from metafilter. these are not even all. so, not knowing a whole lot about them and not really being able to grasp what the ones not labeled "small font size" or login name do, track or mean... what are they about? why are there so many?
posted by krautland to MetaFilter-Related at 2:49 AM (67 comments total) 2 users marked this as a favorite

Christmas cookies. There's lots of 'em this time of year. I like the ones shaped like stars.
posted by flapjax at midnite at 3:03 AM on December 7, 2009 [1 favorite]


You never noticed that MeFi's front page is almost the same color as Sesame Street's Cookie Monster? Not a coincidence.
posted by oneswellfoop at 3:04 AM on December 7, 2009 [13 favorites]


I was going to comment on how stable the site has been and how that's worth putting up with a lot of cookies, and how awesome the team running mefi is, but now I'm hungry for peanut butter cookies. Damn you pb, couldn't you pick a user name that reminds me of cookies I can resist, like macadamia nut?

Still, it is nice to know when cookies aren't related the result of some kind of malware.
posted by BrotherCaine at 3:17 AM on December 7, 2009


Simply put: the MeFi codebase is a stone-soup mixture that has aged as much over time as the site's membership. The cookie trail you noted accounts for the various scripts and tables for comments, tags and favorites.

There's other programming techniques for equivalent work, of course; a number of visitors have offered their services in the hope of optimizing the software that binds this corner of the internet. Matt himself has even experimented with off-the-shelf products like ColdFusion to tighten things up...but in the end, two simple truths exist. The site is Matt's baby. He nurtured it, and as it grows, he grows as well. He's been teaching himself the ropes of compiling an online forum, rather than sit idly by and compromise with a pre-packaged suite of binaries.

The other point which bears mentioning is that the help he accepts is more on a group level; in addition to openly asking for advice on laying out tables, and opening threads to suggestions for new features, he's taken on help with a few people willing to work things out for the site as a whole and in a way for Matt himself to draw upon and tweak later at his own discretion. It's not quite elegant to the mindset of certain source-code parsers, but it does instill a symbiotic middle ground between founder/admin and the participants of discussion. The proprietary layout which emerges is more independent of extended-user agreements, or reliance on system management which may move on to other projects and not leave behind significant documentation.

For the time being, the cookies can be seen as the little dashes and revisions of a composer's notes, corrections which represent not only the final product as a whole, but also the internal processes which may lead to a particular phrasing.
posted by Smart Dalek at 3:18 AM on December 7, 2009 [3 favorites]


There's other programming techniques for equivalent work, of course; a number of visitors have offered their services in the hope of optimizing the software that binds this corner of the internet. Matt himself has even experimented with off-the-shelf products like ColdFusion to tighten things up

Er, I'm pretty sure Metafilter didn't "experiment" with ColdFusion, it actually runs on ColdFusion. And that's actually been a source of a lot of instability, over being written in PHP or something. Remember JRun? That's the JavaEE server that comes with ColdFusion, and it's no longer being developed.

ColdFusion is kind of a legacy thing from the late 90s (as far as I know) And I would guess not that many people know how write code in it compared to PHP, which is much more common. Non-open source development platforms, other then .net, are pretty rare these days.
posted by delmoi at 3:29 AM on December 7, 2009


I meant to say Matt's been "experimenting" with ColdFusion. Y'know, as gentle humor.
posted by Smart Dalek at 3:44 AM on December 7, 2009


Basically, in looking at the cookies, it looks like most of the ones I have set here (about 25), are all individual settings for individual things, like the font I'm using or my user name. From your perspective, having this many isn't really any different than having one... the privacy violation happens at the first cookie. Any additional ones add no risk. One or a thousand, it's all the same.

What many sites do is store most of your user settings on the server, and then just a couple of cookies on your end that remember who you are and the last time you visited. Everything else about your session, they look up on the server. This means that your settings are usually applied across multiple computers, and all your computers change at once if you change settings on any of them.

Because MeFi stores so many things locally, this means that your computers can get out of sync; if you change something and want it to apply to multiple machines or browsers, you'll probably have to log out and log back in on the other clients. But this is also a potentially useful feature, because you can have multiple separate views of MeFi.

Server-based settings might be a bit nicer aesthetically, but this works, and it offers additional features. Converting everything over would be very painful, would probably slow the site a little, and would offer almost no benefit. Some people's setups would inevitably break, and they would yell. This method is maybe a touch less elegant, but there's no yelling. Well, until now, anyway. :)

One thought comes to mind, though. I'm not too up on the exact mechanism that cookies use. If you guys are storing so much state on the browser, could the server be exploited by deliberately malformed data?
posted by Malor at 5:05 AM on December 7, 2009


Well, how else are marine biologists going to track sea urchin migrational patterns? It's like you don't even care about sea urchin migrational patterns!
posted by Horace Rumpole at 5:16 AM on December 7, 2009 [2 favorites]


But this is also a potentially useful feature, because you can have multiple separate views of MeFi.

Yes; a lot of people like having work-mefi (white them) vs home-mefi (normal colors).
posted by inigo2 at 5:19 AM on December 7, 2009 [1 favorite]


I clicked on this thread expecting information about some sort of MeFi (edible) Cookie Exchange that was in the works.

Needless to say, I'm a bit disappointed.
posted by chara at 5:39 AM on December 7, 2009 [5 favorites]


I would happily participate in a MeFi Cookie Exchange. I make a fabulous chocolate mint cookie. (It also tracks your digestive activity so DoubleClick can serve you more fiber-targeted content.)
posted by Metroid Baby at 5:50 AM on December 7, 2009 [8 favorites]


Me too, chara. And now I'm hungry.
posted by rtha at 6:15 AM on December 7, 2009




Too many cookies? NEIN!
posted by Cat Pie Hurts at 6:33 AM on December 7, 2009 [2 favorites]


sorry..ok, not really
posted by Cat Pie Hurts at 6:34 AM on December 7, 2009


It's like you don't even care about sea urchin migrational patterns!

Krautland has yet to deny kidnapping, murdering, raping, and then consuming street children. It has been said (by me just now) that Krautland was found pantless, backstage at a performance of Oliver!
posted by Pollomacho at 6:49 AM on December 7, 2009


Cookies are delicious delicacies.
posted by grouse at 6:52 AM on December 7, 2009 [1 favorite]


Now I know who's hoarding all the cookies.

I only gots 22.
posted by zennie at 7:19 AM on December 7, 2009


Er, I'm pretty sure Metafilter didn't "experiment" with ColdFusion, it actually runs on ColdFusion. And that's actually been a source of a lot of instability, over being written in PHP or something. Remember JRun? That's the JavaEE server that comes with ColdFusion, and it's no longer being developed.

ColdFusion is kind of a legacy thing from the late 90s (as far as I know) And I would guess not that many people know how write code in it compared to PHP, which is much more common. Non-open source development platforms, other then .net, are pretty rare these days.


Now of course I'm a bit biased since a lot of my development is in ColdFusion, but I do want to clear up a few things.

First of all, the announcement of the EOD is relatively new...it says September 2009 in the announcement; according to the announcement they are ceasing new feature development. I assume that means they will continue to off security or other upgrades over time, they just won't be programming in new functionality. ColdFusion runs on any J2EE application server. So the fact that JRun is "no longer being developed" is not a serious issue. Added to which, ColdFusion itself is being developed -- version 9 was just released.

It is true that more people know how to code in PHP, and that often PHP can scale better than ColdFusion, but CF isn't not inherently unstable. For most websites ColdFusion actually scales fairly well; MetaFilter gets a crazy amount of traffic, and you'd have to be fairly careful with any language you chose, including PHP, to make sure it didn't go kaput.

Finally, I'm not sure what you mean about the "legacy thing" from the late 90s. ColdFusion has continually been updated over the years. A few years ago it switched to a 100% Java compatible language, which is why it can run on J2EE servers. It's received consistent upgrades over the years and offers equivalent functionality to any of the other web development platforms, open or otherwise.

In US government websites, at least, ColdFusion owns a respectable market share. A non-scientific survey suggests that the rundown is It's pretty squarely #3 in terms of web programming share.

As far as the issues of being open source, Railo is a relatively new, very fast open source CFML server.

I guess I just feel like ColdFusion is and always has been the punching bag of the web programming world. The perception from some is that it is a barely utilized, stagnant, and non-scalable web programming language. The truth is, it is continually updated, has relatively wide-scale use, and is scalable when used properly.
posted by Deathalicious at 7:23 AM on December 7, 2009 [2 favorites]


DU stole the cookie from the cookie jar!

Who me?

Yes you!

Couldn't be!

Then who?

The Whelk!
posted by DU at 7:25 AM on December 7, 2009 [4 favorites]


One thought comes to mind, though. I'm not too up on the exact mechanism that cookies use. If you guys are storing so much state on the browser, could the server be exploited by deliberately malformed data?

As far as I know, the only thing someone could do would be to XSS themselves. The whole point of most of these cookies is they obviate the need for database calls (which are fairly expensive processing-wise). So the code probably looks something like
<style type="text/css">
body { font: <cfoutput>#cookie.font_family# #cookie.font_size#px</cfoutput> }
.smallcopy { font: <cfoutput>#cookie.small_font_family# #cookie.small_font_size#px</cfoutput> }
</style>
...
<div>welcome back 
<a href="http://www.metafilter.com/user/<cfoutput>#cookie.user_id#</cfoutput>"><cfoutput>cookie.user_name#</cfoutput>...

posted by Deathalicious at 7:35 AM on December 7, 2009 [1 favorite]


cold fusion cookies touched me in my bathing suit area
posted by bardic at 7:43 AM on December 7, 2009 [1 favorite]


I'd love to participate in the cookie exchange also, although I'm in N. America. I make can vegan chocolate chip walnut cookies based on the Toll House bag recipe (but with a lot more walnuts), although it's been too long since I've baked!
posted by amtho at 7:50 AM on December 7, 2009 [1 favorite]


MetaFilter site preferences are set with cookies so the settings can be per browser. That way you can use a different font setting on your laptop vs. your work computer without re-saving your preferences each time you switch machines. So if you head over to your preferences and look under the heading Website Settings we have one cookie for each of those. That's around 10. We have four cookies to identify which user you are, those are: USER_ID, USER_TOKEN, USER_NAME, and USER_KEY. Like floam mentioned, the cookies with UTM in the name are cookies are from Google Analytics—a program that measures traffic. And ColdFusion sets a couple of cookies including CFID and JSESSIONID.

So the number of cookies is the result of our design choice, and the choices of the various software we use to make the site run. There's nothing malicious going on in your screenshot.
posted by pb (staff) at 7:56 AM on December 7, 2009 [2 favorites]


All cookies that start with an underscore are from Google Analytics and required for running stats on the site. About 2/3 of what you see in that screenshot is Google Analytics cookies, not from MeFi.
posted by mathowie (staff) at 8:01 AM on December 7, 2009 [1 favorite]


I'll add a version of pb & mathowie's answer to the faq.
posted by jessamyn (staff) at 8:04 AM on December 7, 2009 [2 favorites]


bardic: "cold fusion cookies touched me in my bathing suit are"

lolmolestation amirite
posted by lazaruslong at 8:14 AM on December 7, 2009


Thanks for raising the question. I now need no longer over think my cache of cookies.
posted by effluvia at 8:39 AM on December 7, 2009


Straight ASP, not ASP.NET, ceased being updated five years ago (or more?) So ColdFusion has remained in active development for longer.

More than a few of us in the web dev/design world mock people still running CF, but it's stable, fairly easy to maintain, and can handle a good bit of load. A number of state websites here in Washington run on it. (Of course, we're also a state where most of the major computer systems were installed in the mid-70s and we employ COBOL programmers out the wazoo as a result.)
posted by dw at 8:49 AM on December 7, 2009


Wrap the cookies in tin foil to keep them fresh.
posted by Blazecock Pileon at 9:06 AM on December 7, 2009 [3 favorites]


About 2/3 of what you see in that screenshot is Google Analytics cookies, not from MeFi.

Good thing there is no cabal, otherwise I wouldn't believe you.
posted by chillmost at 9:19 AM on December 7, 2009


So the number of cookies is the result of our design choice, and the choices of the various software we use to make the site run. There's nothing malicious going on in your screenshot.
not to worry, I wasn't expecting that to be the case anyway. I was just curious.

Christmas cookies. There's lots of 'em this time of year. I like the ones shaped like stars.
I'm training for a marathon, so you see why I'm asking...

Krautland has yet to deny kidnapping, murdering, raping, and then consuming street children. It has been said (by me just now) that Krautland was found pantless, backstage at a performance of Oliver!
you're in good company in saying that about me. I would like to note though that your lack of imagination keeps you from grasping just what kind of wicked fellow I really am.
posted by krautland at 9:26 AM on December 7, 2009


Yes; a lot of people like having work-mefi (white them) vs home-mefi (normal colors).

The Meef mullet: business in the front, party in the back.
posted by Rhomboid at 9:33 AM on December 7, 2009


Also, the absolute number of cookies is completely irrelevant. You could serialize hundreds of variables into a single cookie (and some sites do this), it's just simpler from a programmatic standpoint to use a separate cookie for separate fields.
posted by Rhomboid at 9:35 AM on December 7, 2009



DU stole the cookie from the cookie jar!

Who me?

Yes you!

Couldn't be!

Then who?

The Whelk!

WHAT TV show is that from?! I can't for the life of me remember and my relatives think I'm nuts when I try to ask them what it was. I'm glad it wasn't a figment of my imagination.


posted by lysdexic at 10:06 AM on December 7, 2009


Also, the absolute number of cookies is completely irrelevant.

Not true. At least, it isn't for IE. IE's cookie implementation uses Url Cache Containers, which are basically just giant hash tables that get serialized to disk. There are clear performance (and consistency (!)) issues that occur when they get large. It is much faster to find one big cookie that a bunch of small cookies.

It also makes clearing the cookie cache take longer since deleting lots of little files takes longer than deleting a few big files.

But, in the grand scheme of things, it's not a big deal, which is probably what you meant.
posted by jeffamaphone at 10:07 AM on December 7, 2009


According to shot-cocktail-recipe.com, this is a Cold Fusion:
Vodka - 1 oz.
Sweet & Sour Mix - 1.33 oz.
Triple Sec - 0.68 oz.
Lime Juice - 1/3 oz.
Midori Melon Liqueur - 1/3 oz

shake well in a shaker with a lot of ice and fill the glass with it ,put a lot of ice

Serve in a Hurricane Glass
posted by soundofsuburbia at 10:07 AM on December 7, 2009


lysdexic: Zoom.
posted by jessamyn (staff) at 10:08 AM on December 7, 2009


Cookies freeze well. And often fuse together while baking.
posted by jgirl at 10:08 AM on December 7, 2009


Isn't there a documentary with Keanu Reeves and Morgan Freeman talking about Cold Fusion and how cool it is?
posted by Blazecock Pileon at 10:11 AM on December 7, 2009


It is simple on our side to have a single cookie to reference for each discrete setting, but it's also more transparent on the client side. We don't encrypt the values and we try to use obvious names for the cookies that map to the feature they're setting.

The downside is performance, as jeffamaphone notes. Each request to MetaFilter has to include all cookies. That's several hundred bytes of data that slows down each transaction. We could have a single cookie called, say, DISPLAY_PREFS with a delimited list of values along the lines of "12:verdana:8:sans-serif:1:0:32..." and that could help performance slightly. It's also a bit more cryptic when you're browsing cookies, and you wouldn't shave that many bytes. But it's something we can consider.
posted by pb (staff) at 10:14 AM on December 7, 2009


WHAT TV show is that from?! I can't for the life of me remember and my relatives think I'm nuts when I try to ask them what it was. I'm glad it wasn't a figment of my imagination.



Barney and Friends is where I first encountered it, but I was pretty sure it was a relatively popular - and pointless - children rhyme/game outside of the Barney universe as well.
posted by Think_Long at 10:15 AM on December 7, 2009 [1 favorite]


What I meant was that a site that sets 30 cookies is no more and no less "privacy invading" (or whatever tinfoil-hat nonsense) than one that sets one cookie; the number of cookies is in no way an indication of the amount of information retention/tracking/customization that a site performs.
posted by Rhomboid at 10:29 AM on December 7, 2009


It's from a tv show the same way Snow White is from Disney. :(
posted by boo_radley at 10:42 AM on December 7, 2009


Thanks, jessamyn, but I thought I remembered a lot more puppets. I do remember Zoom, now, looking at videos.

And yeah, boo_radley. I googled the one other thing I remember "what do you want?" "colored eggs!" and I got a description of a childrens' game.
posted by lysdexic at 10:53 AM on December 7, 2009


"When do you want 'em? Right now!"
posted by box at 11:47 AM on December 7, 2009


Y'all know why cookie monster is blue?

First of all, poor fellow's got no teeth so he's going to have trouble chewing. Second he has no tongue so even if he gums his way through a cookie, he can't taste it. Third, he has no throat/gullet. I mean they try to mask that last one by making the inside of his mouth black, but if you ever watch a clip of him "eating" a cookie, you'll see he gums it into crumbs and scatters the bits all around without actually consuming anything.

So sad.
posted by juv3nal at 11:53 AM on December 7, 2009


You never noticed that MeFi's front page is almost the same color as Sesame Street's Cookie Monster? Not a coincidence.

Ohhh cookie, cookie, cookie starts with C!
posted by amyms at 12:02 PM on December 7, 2009


Aw man, crap.
posted by cashman at 12:07 PM on December 7, 2009


juv3nal, you're obviously approaching cookie monster physiology from a anthrocentric viewpoint. Why should his mouth work the same as ours? Who says he doesn't taste with his velvety black gums? There's a reason he's called Cookie Monster and not Cookie Human.
posted by Think_Long at 12:08 PM on December 7, 2009 [2 favorites]


I am not at liberty to discuss any pending investigation concerning the cookie jar.
posted by The Whelk at 12:30 PM on December 7, 2009


You have five different websites in that screenshot -- cookies are bound by domain.

I have more cookies just from .google.com than any of the mefi subsites.
posted by cj_ at 12:41 PM on December 7, 2009


Yes. Burhanistan is correct. Otherwise, well....
posted by Kronos_to_Earth at 1:01 PM on December 7, 2009


These aren't the cookies you're looking for.

He can go about his business.
posted by Nick Verstayne at 2:32 PM on December 7, 2009


Personally, I think Cookie Monster doesn't really need to taste or digest the cookies. Rather, it's a psychological need to destroy the cookies to make himself feel whole and complete.

It probably stems from a childhood trauma, like with the Joker's "Why so serious?" story in The Dark Night. Expect it to be fleshed out in the series' more adult, gritty reboot.
posted by mccarty.tim at 5:05 PM on December 7, 2009 [1 favorite]


It probably stems from a childhood trauma, like with the Joker's "Why so serious?" story in The Dark Night. Expect it to be fleshed out in the series' more adult, gritty reboot.

Sesame Street: The Cookie Joke
posted by Think_Long at 6:54 PM on December 7, 2009


Sesame Street: The Thin Blue Line
posted by five fresh fish at 12:36 AM on December 8, 2009


Personally, I think Cookie Monster doesn't really need to taste or digest the cookies. Rather, it's a psychological need to destroy the cookies to make himself feel whole and complete.

Exactly, he's not a just cookie fiend as suggested previously, a simple fanatic to the point of obsessive fetishization of the cookie. His drive is to put the cookie in his throat-lacking mouth fold and crush it. In his crushing ("eating") of the cookie he feels powerful. He overcomes his developmental issues, belied by his poorly gramatical speech ("Me want cookie!"), he embodies his internal rage as the towering, horrifying, powerful creature he feels inside, he is the Cookie Monster.
posted by Pollomacho at 4:55 AM on December 8, 2009


I think you guys are completely missing a key element of monster physiology. A Cookie Monster is essentially a sentient miniature black hole. What you observe as crumbs leaving the "mouth" are those parts of the cookie that escaped the black hole. You can't observe a throat because light does not escape from that part of the monster.

That which you perceive as "eyes" are 2 satellites held aloft by an interaction of the magnetic field of the Cookie Monster, and the Earth's magnetic field. His "furry" blue appearance is a cold plasma discharge phenomenon. This can be observed by his relatively amorphous body in contrast to mammalian monsters such as Elmo or Grover.
posted by explosion at 5:49 AM on December 8, 2009


HI I'M ON METAFILTER AND I COULD OVERTHINK A PLATE OF COOKIES.
posted by grouse at 6:49 AM on December 8, 2009


Elmo and Grover are mammalian? Have you ever seen nipples on them, explosion? I certainly haven’t. Although, Cookie Monster/Fiend has to get his milk from somewhere I suppose.
posted by Think_Long at 7:42 AM on December 8, 2009


Well, I’m not ruling out the notion that they may not fit into our standard taxonomy. Further study is necessary; and, as it stands, we can usually only see Cookie Monster/Fiend from the waist up so I really have no idea what’s going on with the rest of its ambiguous body.
posted by Think_Long at 8:03 AM on December 8, 2009


Cookie Monster is actually a mother-figure to a teeming glom of symbiotic monsterlings—eyeless, thoughtless gaping fleshy cloacae at the termini of countless tentacle extrusions. They know only hunger, and Cookie Monster in his love for them must feed them but in his fear and horror of them can not bring himself to touch their terrible mouth-holes, and so he is compelled to scatter down to them an endless rain of starch-rich nutrition.

This is basically why you never see a lot of muppets below the waist.
posted by cortex (staff) at 8:10 AM on December 8, 2009 [3 favorites]


Wow, so not only is the Cookie Monster a female, she's sort of like a matriphagic insect. As the mouthless adult morph, her greedy cries of "ME WANT COOKIE!" are actually made in selfless service to her teeming brood, whose development hastens the day when she is inevitably devoured. Man, I love Sesame Street. So many levels.
posted by contraption at 9:25 AM on December 8, 2009


he is compelled to scatter down to them an endless rain of starch-rich nutrition.

Cookie Monster's Cookie Manna
posted by amyms at 9:53 AM on December 8, 2009


Perhaps the purple-gradient background behind the fiend is not so much a pleasing color choice for his blue exterior. Perhaps it is just the natural stain resulting from years of stench and foul fluids soaking the floors and walls of his horrendous prison as his monsterlings slowly devour him and morph their surroundings into the most womb-like environment their feeble memories retain.
posted by Think_Long at 10:14 AM on December 8, 2009


Some people's setups would inevitably break, and they would yell

And this is the path that That Giant Website I Work For followed into losing our place at the top of the intarwebs...
posted by flaterik at 3:47 PM on December 8, 2009


« Older Your thread != my litterbox   |   cookie exchange Newer »

You are not logged in, either login or create an account to post comments