>I'll claim to be an expert too. I've read the specification for >cookies, and implemented web sites that use them, and looked at what's >stored where when *I* visit various web sites, and watched http >protocol packets on the network to see what cookie information is >coming from and going to where. David No doubt the specs say one thing but it wouldn't be the first time that the software vendors who impliment the specs get it wrong ... http://www.peacefire.org/security/jscookies/ OK, that's old news now but MS in particular is particularly well know for creating security holes where they never used to exist ;o) Sure, cookies should not be able to execute anything: the information in them is a bit worrying - well, to me anyway. Bob http://www.webopedia.com/DidYouKnow/Internet/2002/Cookies.asp
