What are cookies?

…Confused about Internet Cookies! Trying to answer the questions what is a cookie and what are cookies used for?  Find your explanations here with details on how web sites store your personal data.

What is a cookie?

To answer the simple question what is a cookie, we must start at the beginning and understand why internet cookies are called cookies? Well in plain English an internet cookie is a simple text file. Your web browser can create this file on your local computer or mobile device. A computer cookie can have many different names. They can be called HTTP, Web, or Browser cookies. Your browser will create a text file when requested to by the server of the web site you are visiting. Web sites normally use this text file to store data about your personal settings. At a later time they pull back that information. The web site can use this information to change the page you are viewing. In general they make your web browsing experience better. Read on to learn more about these little files.  If you feel like diving into the real technical aspects try this link to wikipedia.  wikipedia’s details about internet cookies.

Why do we call them cookies?

Why is a simple text file that stores data called a cookie you may ask. I have found four competing stories each with their own merit. So hop over to my “Why are Browser Cookies called Cookies” page. Once you have read the options, vote on the one you think most likely. I also explain who can be credited for the first real internet cookie.

Fun What is a Cookie Answer.

When are cookies created?

Internet cookies are normally made when you first load a web page that wants to store information. The web page will first look to see if a file belonging to itself is already on your device. If an existing file is found then the data held within it will be read. The web page may change itself or pass the data found back to the parent web site. If no internet cookie is found the web page will instruct the browser to create one. Allowing a this grants permission to the web site to access any information you provide. Your IP address, type of browser, previous web site or any other information you provide. A web site’s privacy policy should be read before you accept their cookie file. Opening a page can trigger secondary web sites. These secondary sites may write their own text file to your device. This is possible if they have ads, widgets or other elements on the web page. So when you open one web site, you may actually be opening content from several web sites. Each with the ability to create its own text file on you device.

What is a cookie’s limits? Internet Cookies do have limits placed on them. The maximum size for any one file is 4KB. The maximum number of files that can be written and kept by a single domain is 20. These controls keep your browser running well. If cookies are disabled or rejected, the web page will take default action. It may therefore not perform as intended. It is possible to adjust your browser to not accept cookies. This is normally referred to as “disabling cookies”. You can find out how to do this by reading the following pages.

Laws are being brought forward in relation to new technology. It is now European law to inform people before writing an internet cookie to their device. This provides the opportunity to reject the internet cookie. Refer to my article Cookie Law to learn more about this subject.

What are cookies used for?

Internet cookies can be used for various purposes. Here are some examples of a few common uses.

They can store details for ‘shopping carts’ belonging to online stores. When you select a product and place it in a shopping cart, a file is written. This file can remember the product and the price so that you can keep shopping. When you are finished shopping you simply click the button to check out. The site uses the information held in the file to complete your order.

They can be used to keep track of log in and password details. While this initially sounds a little concerning, the purpose is really to save you time. Sites will remember the information for you. You don’t have to type it in each time you want to access the site.

They help web sites adjust their content and layout for you. If you often access the statistics for a specific team at a website. That site might use an internet cookie to send you straight to your team’s page.

They help identify whether you have already visited a site. They can also also count how many times you have visited.

They remember the last page or position you were on at the site. This can be very helpful if you are opening several pages of information.

What is a cookie like inside?

Each internet cookie can contain up to six key parts. These are name, content, path, domain, expiration and secure connection.

The name is used to help identify the cookie. This is used by the web site that requested the file be created. It can sometimes identify how the file is being used. Normally the name would be hidden to help prevent hacker activity. Even possible cookie forging.

The content is the actual data that is being recorded. This data is held in a name-value pair format. This simply means that each piece of information contains two aspects, a name and a value e.g. If I wanted to store the name of this website cookiecontroller.com the name-value pair might look like this: “website=CookieController.com”.

The path and domain data allows your browser to keep a web site to cookie relationship. This to prevent a file that was created by Google from being read by Bing. This data details the origin and therefore which other web sites can access it. Read more about Cookie Domains and Paths here.

The expiration holds details about how long the browser should keep the text file. Most of these are called Session Cookies. These are removed by your Browser when you close the browser. Otherwise known as ending the browser session. Cookies that have a longer expiration period will be kept until that point in time. This is called a Persistent Cookie. It lives on after you have closed your browser.

The secure connection helps to ensure the web cookie can only be used in a secure way. An example of this is where a site uses Secure Socket Layers (SSL).
Learn more about about SSL here.

What are cookies security concerns ?

Internet cookies by themselves are safe. They simply store information that you have entered into a browser. That information is only available to the web site that you were visiting. It is possible for internet cookies to be used for malicious purposes. They could even be used as a form of spyware. There are many anti-spyware packages available. Some of them will list certain internet cookies as a potential threat. Most browsers have built in privacy controls. These controls can provide levels of cookie acceptance, retention time, and disposal. Backing up your computer can give you the peace of mind that your files are safe.

Can internet cookies be harmful?

Computer cookies are not programs as they can not do anything by themselves. They simply act as a temporary storage space on your local computer. A text file cannot gather any information by itself. It is not able to collect any personal information from your machine. These files can be viewed through a simple text editor. Normally they are often encrypted to help protect your personal information. Each file can only be accessed by the original web site that created the file. This is a key security feature built into every browser. It helps to protect your computer and personal data from cross-domain data theft.

Internet cookies can not have viruses or install malware onto your device. Tracking cookies can store long-term details of your browsing history. These often take the form of third-party tracking cookies. This is a serious privacy concern. It encouraged European and US to take action during 2011. Read my article to learn more about “Cookie Law”. I discuss how the new EU cookie directive effects web sites.

What types of browser cookies are there?

Now we an understanding around what is a cookie, why it is used and what cookies are used for. The next step is to understand the types of internet cookies and their use. There are two main types of file. One is a session cookie and the other is a persistent cookie. Both have a different roles to play.


Sometimes known as a transient cookie. They are stored in temporary memory. They remain available for the duration of your active “session”.

Learn more about Session Cookies here.


Also known as a stored cookie, it stores a file on your hard drive. The file would remain on the hard drive until it reaches its expiration date.

Learn more about Persistent Cookies here.

Secure & HttpOnly.

A secure cookie is just like a regular cookie. The exception is it contains a special ‘HttpOnly’ flag. This flag instructs the browser to restrict access to the data.

Learn more about Secure & HttpOnly Cookies here.


Visit a web site, but have a file created by a completely different domain. This allows the third-party domains to track you i.e. Tracking Cookies.

Learn more about Third Party Cookies here.


Uses various techniques to resists deletion. When you clear your history they can remain hidden and reappear like a virus!

Learn more about Flash Cookies here.


This is a cookie that can come back to life, hence the name Zombie. After it has been deleted it gets reborn.

Learn more about Zombie Cookies here. 


This is an example of a VERY persistent file. A cross between the Super and Zombie types.

Learn more about the Ever Cookie here.