What are Persistent Cookies?
A persistent cookie, also known as a stored cookie, is a file that is stored on a user’s hard drive. The cookie would remain on the hard drive until it reaches its expiration date. At this point the browser would purge the cookie from the hard drive. On every subsequent visit to the website the browser will send the cookie back to the web site. Because a cookie’s value can uniquely identify a client, the cookie can indicate how the user initially came to this website. For this reason, they are also sometimes referred to as tracking cookies.
The benefit of a persistent cookie is that they can result in faster and more convenient access as they can store login details that remove the need to login on each visit to the web site. In addition to authentication, other website features are possible through the use of these, such as; menu preferences, preferred theme, language selection or even internal site bookmarks. On your first visit, the website is presented in default mode. During this time, you select your preferences and they are remembered. Like a session cookie but they persist from session to session, added is the expiration date which is issued by the web server into the txt file. They can control your font size page width for screen size etc. which means the user doesn’t have to worry about adjusting their screen preferences for a year unless they delete the cookies. In some cases, persistent cookies are set for a very long time. These can also help a webmaster find out who is a new viewer and who is a returning viewer.
Differences between Regular & Persistent Cookies.
Regular Cookies are Persistent Cookies Stored in Browser Stored in client hard drive Easily blocked and deleted from browser Needs to be deleted manually or set. Size=4kb Size=up to 100kb Work with only one browser Work across all browsers on the same machine
How do they work exactly?
A persistent Cookie works by using several computer languages which then stores a txt file on your hard drive in your machine and has written into the coding a set expiry date normally 1-2 years.
Example of who uses them?
Google analytics.
- Name: _utma Typical content: randomly generated number Expires: 2 years
- Name: _utmb Typical content: randomly generated number Expires: 30 minutes
- Name: _utmc Typical content: randomly generated number Expires: when user exits browser
- Name: _utmz Typical content: randomly generated number and information about how the page was reached (e.g. directly or via a link, organic search or paid search) Expires: 6 months
- Name: __utmmobile Typical content: randomly generated number Expires: 2 years For further details on the cookies see Google Analytics.
Purposes of using them.
The benefit of a persistent cookie is that they can result in faster and more convenient access as they can store login details that remove the need to login on each visit to the web site. In addition to authentication, other website features are possible through the use of these. Features such as: menu preferences, preferred theme, language selection or even internal site bookmarks. On your first visit, the website is presented in default mode. During this time, you select your preferences and they are remembered through the use of the persistent cookie on your machine.
Privacy Risk
1. Cookies are vulnerable and susceptible in common browser cookie-theft and cross site script attacks, cookies are not as safe as people realize.
2. Persistent cookies alone are adequate authentication to access a website. They are the same as both a valid username and password in one.
3. As nearly all 98.4% of people reuse their passwords from site to site this makes it easy for any login cookie from which you can recover the user’s password much more potential harm.
4. Very many people have persistent cookies on multiple web browsers e.g. on different machines (work or home laptop or mobile) simultaneously making it more exposed to a potential threat.