A cookie is a small piece of data that a web server can send
to your browser. A cookie can come in one of several flavours:
- It can be transient - it disappears when you shut down
your browser - or it can be persistent - the browser stores it on
your hard disk, and it hangs around for as long as it feels like.
- It can be restricted, so that it's only available to the
server or domain which sent it in the first place, or it can be
promiscuous, and available to any server which requests it.
Chameleon uses a transient, restricted cookie which will only be sent back to
itself, and which ceases to exist when you shut down your browser. Chameleon
needs this cookie so that it can remember who you are between clicks. It
needs a cookie to do this because of the way HTTP works.
NB. With some browsers, if you have told your browser to ask you whether to
accept cookies, you will have to log in twice - the login process doesn't work
until after your browser accepts the cookie.
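
As an added illustration (not Chameleon's own code), the Python sketch below classifies a Set-Cookie header along the two axes described above. It assumes that "transient" means no Expires or Max-Age attribute and that "restricted" means no Domain attribute, so the cookie goes back only to the host that set it; the cookie names and values are constructed samples.

```python
from http.cookies import SimpleCookie


def classify(set_cookie: str) -> dict:
    """Classify one Set-Cookie header value by lifetime and scope."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if len(jar) != 1:
        raise ValueError("expected exactly one cookie in the header")
    name, morsel = next(iter(jar.items()))

    # No Expires and no Max-Age: the browser drops the cookie when it closes.
    lifetime = "transient"
    if morsel["max-age"]:
        # Max-Age wins over Expires; zero or negative tells the browser to delete.
        lifetime = "persistent" if int(morsel["max-age"]) > 0 else "deleted"
    elif morsel["expires"]:
        # The date is not compared with the clock here; any Expires counts.
        lifetime = "persistent"

    # No Domain attribute: the cookie is returned only to the exact host
    # that set it. A Domain attribute widens it to that domain's subdomains.
    scope = "domain-wide" if morsel["domain"] else "host-only"
    return {"name": name, "lifetime": lifetime, "scope": scope}


def is_transient_and_restricted(set_cookie: str) -> bool:
    """True when the cookie matches the kind this page says Chameleon uses."""
    result = classify(set_cookie)
    return result["lifetime"] == "transient" and result["scope"] == "host-only"


# Constructed sample headers (hypothetical names and values).
SAMPLES = [
    "session=abc123; Path=/; HttpOnly",
    "remember=u42; Max-Age=31536000; Path=/",
    "track=xyz; Domain=example.com; Max-Age=31536000",
    "session=; Max-Age=0; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify(header), is_transient_and_restricted(header))
```
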
Cookies have received a lot of bad press, some of it deserved, some of it not.
Here are some of the things they can and cannot do.
- They cannot leech data or somehow infect or subvert your computer, like
a virus or trojan horse can - they're just a few bytes of data and do not get
executed by a correctly-functioning browser (although a certain well-known
browser from a very large corporation which ought to know better seems to
have a penchant for executing any script it encounters anywhere at all; if you
use such a browser, beware of this tendency).
- Persistent cookies can be used to make life easier for you by storing
your credentials for a site, so that the next time you go there, you don't
have to bother to remember your password. This can reduce security, so CRAITS
doesn't do it. Modern browsers include a feature whereby the
browser remembers your credentials for the sites you visit, giving you much
the same effect as a persistent cookie. If you like this, and are comfortable
that it's secure enough for your purposes, by all means use it. If your browser
doesn't offer this feature, upgrade.
- Persistent promiscuous cookies can also be used to track your web-surfing
from site to site. Some feel that this is an invasion of their privacy. They're
probably right, too.
- Others argue that, since advertising is apparently a necessary evil, and
is both more effective and hugely less annoying if it advertises stuff in which
the viewer is potentially interested, it is in everybody's best interest to
enable accurate pseudonymous profiling to allow the stuff to be targeted
effectively.
- The privacy advocates then point out that it's potentially a short step
from pseudonymous profiling to using credit card info from a co-operating site
to bind that pseudonym to your real identity, and then you really are living in
public.
The present author finds himself in a dilemma. On the one hand, he takes his
privacy seriously and doesn't like to give information to persons without faces
whom he has no reason to trust. On the other, he has less than no patience with
irrelevant advertising and so would welcome targeting if it actually worked, and
didn't spam him with ads for services and products he wouldn't touch with a
poleaxe.