What are Website Cookies?

Cookies

There is a high chance that you have already seen some cookie related messages while browsing the internet. Well, I am not talking about the yummy culinary sweets, so if you are looking for a good cookie recipe right now, you can scroll by… Or just read this small article to understand the Cookie Policy on websites. Basically, they tend to improve the user experience by remembering user information and custom preferences during internet surfing.

 

The history of Website Cookies

 

Cookies are not a new concept from the past few years. In fact, they were invented in 1994 by Mosaic Netscape, by employee Lou Montulli with the purpose of solving the persistence problem in HTTP sessions. If the developers had been British, they would have been called “biscuits.” Haha, anyway… Website cookie notifications have come into general use in 2018, when the European Union’s digital privacy law, the General Data Protection Regulation (GDPR) came into effect. The aim of the law is to make sure users are aware of the data that companies collect about them, and to give them a chance to consent to sharing it.

 

GDPR

 

What are Cookies?

 

Cookies help organizations deliver a personalized and convenient experience to the user. A common usage is storing the shopping cart items at an online webshop. Furthermore, they allow the website to remember user credentials (username and password); preferred settings, such as dark-mode or light-mode; addresses; and basically any pieces of information about the user.

Website cookies are small text files containing a string of characters, stored in the browser. These files are limited to 4kb in size therefore they cannot store large amounts of data.

How do they work?

 

When you visit a website for the first time, the browser sends an access request to the site’s server. The server then generates a unique ID and sends it to the browser along with the cookies. The browser stores the cookies on your device and loads the page. When you visit the website next time, the server will identify you using the unique ID of the stored cookies.

 

workflow

 

The character string of the cookie usually contains a name, value, and attribute. Websites identify a cookie using its name. The value is a unique alphanumeric string with the purpose of identifying the user. An attribute consists of characteristics, such as the expiration date, domain, path, and flags.

 

The usage of internet cookies

 

Cookies

As mentioned above, cookies tend to improve user experience by storing some information about the user. This can have several different purposes:

  • saving user login credentials to remember them on subsequent visits
  • identifying the user and what they are doing
  • remembering user preferences, such as language, theme mode, font size, etc.
  • understanding how users interact with a website
  • storing shopping cart details
  • helping to gather statistics about visitors, such as their location or device
  • helping to gather analytical data, such as pageviews, session durations, and bounce rates

Did you see ads of a product that you previously searched for in an online shop? Yes, right? The reason is, that advertisers gather information about you through cookies so they can show relevant ads. It is pretty useful, but at the same time it can be a bit disturbing that these websites know so much about your interests and habits.

Types of Website Cookies

 

There are different types of cookies:

  • Session cookies.These are temporary cookies that are deleted as soon as your session ends or when you close your browser. They are first-party cookies that keep track of your browsing session while you actively navigate the site.
  • Persistent cookies. They are also known as permanent- or tracking cookies. This type of cookie is used for website authentication and is stored on your computer until they expire or you delete them. Their purpose usually is to keep track of your previous logins so you don’t need to enter your username and password every single time.
  • HTTPOnly cookies. Encrypted HTTPS websites use these as protection against hackers. The HTTPonly tagged cookie stores data on the HTTP server side, not on the client side. This means that those cookies cannot be read by JavaScript or any other client-side scripts.
  • Third-party cookies. Third-Party Cookies are created by domains that are not the website (or domain) that you are visiting. Typically, these are used for online advertising purposes and are placed on a website through a script or tag. A third-party cookie is accessible on any website that loads the third-party server’s code.
  • Zombie cookies. These are particularly troublesome as they can install permanently on your computer even if you opt-out. They are also difficult to delete.
  • Supercookies. It is a type of cookie that advertisers use to track online activity. Supercookies can last for years. They are also used to target ads at users by gathering information about what they do online and then providing this information to advertisers.
Cookies

 

Cookie risks / Are they safe?

 

Cookies themselves are not harmful, because the data in them doesn’t change. Furthermore, they cannot access your personal data on your device, and they cannot contain executable code.

Generally, they do not contain any malware or viruses, but some cyberattacks can hijack cookies and enable access to your browsing sessions.
If a hacker somehow gets access to the session or permanent cookies that could result in unauthorized access to websites you have previously logged in to without even entering login details.

Security holes keep being found in browsers which can leak personal information and so lead to all sorts of issues like: credit card information theft, unauthorized access to personal accounts etc. Because of these facts, users have some doubts and negative feelings towards cookies.

 

Security

 

Should I enable cookies?

 

Some websites require you to enable cookies in order to function properly. However, you may disable third-party cookies in your browser settings. It really depends on the type of cookies, but you can disable them if you are not comfortable with the site to store your personal information and track your online activities.

Here are some security tips if you are afraid of enabling cookies on a website:

  • Clear your cache on a regular basis and stay cautious while visiting unknown websites and giving your personal details there.
  • Delete your cookies regularly. This will reset your personalization settings and you have to re-type your login credentials on sites.
  • Review your browser’s privacy settings, disable unwanted cookies, keeping in mind that this can have negative effects on a website’s functionality.
  • Browse in incognito mode which blocks sites from using cookies.
  • Avoid questionable sites.
  • Keep your browser up to date. An outdated version could make you vulnerable to potential malicious attacks.

 

Conclusion

 

In conclusion, cookies are indispensable for most of the websites to function properly. They can improve user experience by easing the navigation on the site, remembering your personal settings and login details. However, keep in mind that cookies sometimes can be harmful, so don’t let suspicious websites track your online activities and store your private information by enabling them.

Cookies

 

References