Requests sent to Internet sites through your browser are "context free", meaning that each message comes to us without any history or identifying information unless it is intentionally placed there by your browser. Without this identifying information we don't know who the request came from and hence don't know if you should be allowed access.
Cookies solve the problem of context. When you log in, our server hands a "session cookie" to your browser, and from that point forward, your browser sends the session cookie back with each request to our database to identify you as a valid user. You can think of a session cookie as an invitation that your browser presents to our doorkeeper each time you request entry to the registered user areas.
If your browser does not accept session cookies, the invitation gets thrown away, and you can't get in.
So if cookies are so useful, why wouldn't I always want them turned on? What is the privacy issue?
Some people would prefer to be completely anonymous. Without cookies turned on, you stand a better chance of remaining anonymous.
There are also two types of cookies:
A per-session cookie (which is what Doxpop uses) goes away as soon as you close your browser, so it can't be used to do things like track whether you have previously connected to a site, or how often you have visited. When you close your browser, we don't leave any trace of the session on your computer.
This is in contrast to "persistent cookies", which are cookies that are stored on your computer's hard drive, and are used by many web sites to track your usage habits. Many people consider cookies stored on their hard drive to be an invasion of privacy, since it allows the web site to identify you before you have chosen to identify yourself by logging in or supplying some other information.
For Doxpop to work properly, your web browser must be configured to accept first-party, session-only cookies. Test to see if your browser accepts cookies from Doxpop.
Although you'll want to make your own decisions about security, most people feel that a "per session" cookie is much less of a risk to their anonymity than the persistent cookies.