Cookies, which are also called HTTP cookies, internet cookies, or browser cookies, are files stored on your computer designed to hold a small, specific amount of data about a particular website or client. The primary purpose of a cookie is to identify the user so his or her web experience can be customized. Cookies streamline the online surfing process by saving certain information such as email, home address, shipping information, username or password, or even particular interests.
When you visit a particular website using cookies you may be asked to create an account, provide an email address, or even something as simple as stating a personal preference. This information is packed and stored as a browser cookie, a small text file sent to your web browser, and then stored on your computer until the next time you return to that particular website. The next time you visit that website, your internet browser will send that user activity information in the form of an HTTP cookie to the web server so the information in the small file can be accessed and reused. Web servers have no memory, so they rely on these tracking cookies to remember who you are and your preferences so they can provide better, more relevant service. To work properly, cookies do not need to recognize where you are from, it only needs to remember your browser.
It may seem a little odd to refer to an internet cookie as a cookie. After all, they don't seem to have much to do with the tasty treats that share their name. The term "cookie" was coined by Lou Montulli, a web browser programmer who invented internet cookies in 1994. He derived it from "magic cookie," a term used by Unix programmers for packets of data a program receives and sends back unchanged, and the term magic cookies came from the idea of a fortune cookie — a cookie with an embedded message.
There are many different varieties of cookies used by modern browsers to track online activity and enhance a user's online experience. Here are a few of the broad categories that cookies fall into.
Session cookies are sometimes referred to as in-memory cookies, transient cookies, temporary cookies, or non-persistent cookies. They exist temporarily while a user is engaged in a browsing session on a website, and are deleted when the browser session ends. Session cookies store information the user has entered on the site and track the movements of the user on the site. They can also store information needed to make an online shopping cart work, by "remembering" what the user placed in the shopping basket instead of forcing the user to remember every product they wish to buy.
Persistent cookies, or permanent cookies, are used by the server to store information about the user's page activities, so the user can remember and pick up where the visitor left off next time they visit. A persistent cookie stores information by acting as a bookmark, so users don't have to re-navigate websites upon return to find the last web page they visited. For example, they can be used to keep a user logged in on a site so they don't have to keep entering login information every time they visit the site. Persistent cookies expire after a set period of time or on a certain date.
A secure cookie may be a session cookie or a persistent cookie, but it can only be transmitted via a secure, encrypted connection (HTTPS), not via an unencrypted HTTP connection.
Normal cookies do not compromise user security. However, malicious cookies have cookie attributes that can be used to track activity online, store preferences, and build profiles based on your interests. Once the user profile contains enough information from tracking cookies, it can be sold to different companies without your consent, which is one of the major drawbacks of cookies that affects online privacy. Many new antivirus programs help identify suspicious and malicious adware cookies when scanning your systems for viruses and provide you an opportunity to delete them.
Ordinary cookies originate from a specific domain name, such as digitalshiftmedia.com. Supercookies, however, are unique in that they originate from a top-level domain such as ".com" or ".org" and that makes them both powerful and a potential security concern, which is why they are usually blocked by web browsers. If they weren't blocked, an attacker could use a supercookie to disrupt or impersonate legitimate requests from a site that shares the same top-level domain. For example, a supercookie that has an origin domain of .com has the ability to maliciously influence a request made to a legitimate site that uses the .com suffix by faking logins or changing user information. The term supercookie is sometimes used to refer to other tracking technologies, but this is the most widely accepted definition.
It is possible for a web server to place data and code on a user's device in a hidden location apart from their browser's typical cookie storage location. This is called a zombie cookie, and when the cookie goes missing, it can be automatically recreated using the stored personal data. This can make zombie cookies tough to manage effectively. They are generally used to track a user's browsing history across multiple sites, and a computer cookie can even track user behavior through multiple browsers on the same computer or mobile device if the zombie cookie file is stored outside of a user's browser on the user's computer.
A first-party cookie is created by a website you are visiting, while a third-party cookie is created by other sites that owns some of the content on the site you are viewing, such as images or advertisements. It is possible to block third-party cookies on most web browsers, and some block them by default. Third-party cookies are often used in an effort to display the most relevant, bottom of the funnel advertisements to users to maximize the advertiser's benefits.
There are three main uses for cookies in today's online environment, under normal circumstances. Different types of cookies keep track of various different activities. They can be useful to both website publishers and website users, and can also potentially be used by third parties.
As you might expect, the session management function is carried out by session cookies. A typical use is to keep you logged in on a site that you have already been authenticated on. When you arrive on a website, the server will usually send you a cookie that contains a session identifier. Then when you log in, the server "knows" that your session identifier has been authenticated and allows you to use the pages on the site that you have access to according to your account level. That session identifier cookie allows the server to save personal information about the user and can actually help to improve page load times because the session cookie only contains a session identifier, which is a relatively tiny packet of data.
Cookies that are used for personalization and user convenience remember information and use it to display a consistent experience for individual users over time, across multiple sessions. For example, when you're checking out on a retail site for the first time, you need to enter all your address information. But next time you check out, a personalization cookie will remember your information and auto-fill it for you so you don't need to type it all out again. Some sites also give you the option to customize the appearance of the website by choosing how many results are displayed on a page, the background color of the page, or other factors. Once you've entered a user preference, the personalization cookie will remember your choice and display it next time you visit the website.
A tracking cookie is more for the benefit of advertisers and corporations. They don't really enhance the end user's browsing experience, except maybe to show them more targeted advertising. When a user visits a new site, the server checks for a cookie. If none is found, the server will issue a unique identifier. Every time the user requests a new page on the site, that information is stored in a log file with the URL of the requested page, the date and time, and the session identifier cookie. By examining the log file that is generated, a corporation can understand which pages were visited, for how long, and in what sequence. That might not sound important, but it helps the website owner to get a very clear picture of an individual's browsing habits and buying habits, and that information is valuable — so much so that it is often sold to the highest bidder.
Web browsers store cookie settings, so you can access your browser settings to allow cookies or delete them. The settings can be adjusted for all sites or on an individual site-by-site basis. You can also choose to block cookies for some or all sites.
You can delete all cookies from your browser cache, and you will probably find it necessary to do this periodically. That's because you can encounter browser glitches that require you to clear the cache in order to return to normal usage. Browsers such as Google Chrome, Internet Explorer, or Microsoft Edge let you delete cookies and choose how future cookies will be used.
It is possible to block all cookies, but it's not generally recommended. Banning all browser cookies can make some websites difficult or even impossible to navigate. With Google Chrome and other browsers, you can choose to block third-party cookies, or just block cookies when you're in Google's Incognito mode.
When you first visit a website, you may be confronted with a cookie wall pop-up that explains the types of cookies used on the site. You can not opt out and must accept their cookies policy to use the site.