Bypassing cookie restrictions in IE 5+6 Description A cookie is a small bit of information that a web site stores on your computer. When you revisit the web site, your browser sends the information back to the site. Usually a cookie is designed to remember and tell a web site some useful information about you. For example, an online bookstore might use a cookie to record the authors and titles of books you have ordered. When you return to the online bookstore, your browser lets the bookstore's site read the cookie. The site might then compile a list of books by the same authors, or books on related topics, and show you that list. This activity is invisible to you. Unless you have set your preferences so that you will be alerted when a cookie is being stored on your computer, you won't know about it. When you return to a web site, you won't know that a cookie is being read. From your point of view, in the example above, you'd simply visit the online bookstore, and a list of books that might be of interest to you would magically appear. Cookies are usually harmless. They can't be used to gather information about you (unless you provide it). But some services do use cookies to create a profile of your interests based on the sites you visit and the things you do there. Advertisers on participating sites can then tailor online advertising to your interests and buying habits. Out of privacy concerns some people choose to disable cookies all together or prefer to have closer control over what sites are allowed to store cookies. Only recently microsoft add some advanced cookie filtering to internet explorer 6 Through use of the userData bahaviour these privacy settings can be circumvented. The following was taken from microsofts site <snip> The userData behavior persists information across sessions by writing to a UserData store. This provides a data structure that is more dynamic and has a greater capacity than cookies. </snip> This behaviour completely ignores the privacy settings and allows website owners and advertisers to start tracking your every move once again. Systems affected Internet explorer 5 Internet explorer 5.5 Internet explorer 6 Demonstration First disable cookies by (on ie6 at least this is the way to do it) going to tools > privacy then set it to block all. goto http://www.xs4all.nl/~jkuperus/cookies.htm for an example , enter a value press save close the browser reopen the page and press load, the value is preserved Vendor status: I will send microsoft a cc of this email Workaround: disable active scripting references http://msdn.microsoft.com/library/default.asp?url=/workshop/author/behaviors /reference/behaviors/userData.asp?frame=true http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q283185&;