What are Cookies?

Would you like to understand what are cookies used for and who uses them? Find explanations here with details on how web sites store your personal data and what they use the data held in cookies for.

What are cookies used for?

Internet cookies can be used for various purposes. Here are some examples of a few common uses.

They can store details for ‘shopping carts’ belonging to online stores. When you select a product and place it in a shopping cart, a file is written. This file can remember the product and the price so that you can keep shopping. When you are finished shopping you simply click the button to check out. The site uses the information held in the file to complete your order.

They can be used to keep track of log in and password details. While this initially sounds a little concerning, the purpose is really to save you time. Sites will remember the information for you. You don’t have to type it in each time you want to access the site.

They help web sites adjust their content and layout for you. If you often access the statistics for a specific team at a website. That site might use an browser cookie to send you straight to your team’s page.

They help identify whether you have already visited a site. They can also also count how many times you have visited.

They remember the last page or position you were on at the site. This can be very helpful if you are opening several pages of information.

What are cookies security concerns ?

Internet cookies by themselves are safe. They simply store information that you have entered into a browser. That information is only available to the web site that you were visiting. It is possible for computer cookies to be used for malicious purposes. They could even be used as a form of spyware. There are many anti-spyware packages available. Some of them will list certain internet cookies as a potential threat. Most browsers have built in privacy controls. These controls can provide levels of cookie acceptance, retention time, and disposal. Backing up your computer can give you the peace of mind that your files are safe.

What are cookies risks to me?

Computer cookies are not programs as they can not do anything by themselves. They simply act as a temporary storage space on your local computer. A text file cannot gather any information by itself. It is not able to collect any personal information from your machine. These files can be viewed through a simple text editor. Normally they are often encrypted to help protect your personal information. Each file can only be accessed by the original web site that created the file. This is a key security feature built into every browser. It helps to protect your computer and personal data from cross-domain data theft.

Internet cookies can not have viruses or install malware onto your device. Tracking cookies can store long-term details of your browsing history. These often take the form of third-party tracking cookies. This is a serious privacy concern. It encouraged European and US to take action during 2011. Read my article to learn more about “Cookie Law”. I discuss how the new EU cookie directive effects web sites.

What types of cookies are there?

Hopefully we now have an understanding of what are cookies used for. The next step is to understand the types of internet cookies and their use. There are two main types of file. One is a session cookie and the other is a persistent cookie. Both have a different roles to play.

Session.

Sometimes known as a transient cookie. They are stored in temporary memory. They remain available for the duration of your active “session”.

Learn more about Session Cookies here.

Persistent.

Also known as a stored cookie, it stores a file on your hard drive. The file would remain on the hard drive until it reaches its expiration date.

Learn more about Persistent Cookies here.

Secure & HttpOnly.

A secure cookie is just like a regular cookie. The exception is it contains a special ‘HttpOnly’ flag. This flag instructs the browser to restrict access to the data.

Learn more about Secure & HttpOnly Cookies here.

Third-Party.

Visit a web site, but have a file created by a completely different domain. This allows the third-party domains to track you i.e. Tracking Cookies.

Learn more about Third Party Cookies here.

Flash.

Uses various techniques to resists deletion. When you clear your history they can remain hidden and reappear like a virus!

Learn more about Flash Cookies here.

Zombie.

This is a cookie that can come back to life, hence the name Zombie. After it has been deleted it gets reborn.

Learn more about Zombie Cookies here. 

Ever.

This is an example of a VERY persistent file. A cross between the Super and Zombie types.

Learn more about the Ever Cookie here. 

Deep dive into what are cookies.

Want to delve deeper into the what are cookies question? Jump over to the Open Web Application Security Project sit and take a look at their Cookies Database.