Cookie Introduction

What Is The Cookie?

• Cookies are small files of information that a web server generates and sends to a Web Browser. Web browsers store the cookies they receive for a predetermined period of time, or for the length of a user's Session on a website. They attach the relevant cookies to any future requests the user makes of the web server.
• Cookies help inform websites about the user, enabling the websites to personalize the user experience. For example, ecommerce websites use cookies to know what merchandise users have placed in their shopping carts. In addition, some cookies are necessary for security purposes, such as authentication cookies.
• The cookies that are used on the Internet are also called "HTTP cookies." Like much of the web, cookies are sent using the HTTP protocol.

Where Are Cookies Stored?

• Web browsers store cookies in a designated file on users' devices. The Google Chrome web browser, for instance, stores all cookies in a file labeled "Cookies." Chrome users can view the cookies stored by the browser by opening developer tools], clicking the "Application" tab, and clicking on "Cookies" in the left side menu.

What Are Cookies Used For?

• User sessions: Cookies help associate website activity with a specific user. A session cookie contains a unique string (a combination of letters and numbers) that matches a user session with relevant data and content for that user.

  • Suppose Alice has an account on a shopping website. She logs into her account from the website's homepage. When she logs in, the website's server generates a session cookie and sends the cookie to Alice's browser. This cookie tells the website to load Alice's account content, so that the homepage now reads, "Welcome, Alice."
  • Alice then clicks to a product page displaying a pair of jeans. When Alice's web browser sends an HTTP request to the website for the jeans product page, it includes Alice's session cookie with the request. Because the website has this cookie, it recognizes the user as Alice, and she does not have to log in again when the new page loads.

• Personalization: Cookies help a website "remember" user actions or user preferences, enabling the website to customize the user's experience.

  • If Alice logs out of the shopping website, her username can be stored in a cookie and sent to her web browser. Next time she loads that website, the web browser sends this cookie to the web server, which then prompts Alice to log in with the username she used last time.

• Tracking: Some cookies record what websites users visit. This information is sent to the server that originated the cookie the next time the browser has to load content from that server. With third-party tracking cookies, this process takes place anytime the browser loads a website that uses that tracking service.

  • If Alice has previously visited a website that sent her browser a tracking cookie, this cookie may record that Alice is now viewing a product page for jeans. The next time Alice loads a website that uses this tracking service, she may see ads for jeans.
  • However, advertising is not the only use for tracking cookies. Many analytics services also use tracking cookies to anonymously record user activity.

What Are The Different Types Of Cookies?

• Some of the most important types of cookies to know include:

Session Cookies

• A session cookie helps a website track a user's session. Session cookies are deleted after a user's session ends — once they log out of their account on a website or exit the website. Session cookies have no expiration date, which signifies to the browser that they should be deleted once the session is over.

Persistent Cookies

• Unlike session cookies, persistent cookies remain in a user's browser for a predetermined length of time, which could be a day, a week, several months, or even years. Persistent cookies always contain an expiration date.

Authentication Cookies

• Authentication cookies help manage user sessions; they are generated when a user logs into an account via their browser. They ensure that sensitive information is delivered to the correct user sessions by associating user account information with a cookie identifier string.

Tracking Cookies

• Tracking cookies are generated by tracking services. They record user activity, and web browsers send this record to the associated tracking service the next time they load a website that uses that tracking service.

Zombie Cookies

• Like the "zombies" of popular fiction, zombie cookies regenerate after they are deleted. Zombie cookies create backup versions of themselves outside of a browser's typical cookie storage location. They use these backups to reappear within a browser after they are deleted. Zombie cookies are sometimes used by unscrupulous ad networks, and even by cyber attackers.

What Is A third-party Cookie?

• A third-party cookie is a cookie that belongs to a domain other than the one displayed in the browser. Third-party cookies are most often used for tracking purposes. They contrast with first-party cookies, which are associated with the same domain that appears in the user's browser.
  • When Alice does her shopping at jeans.example.com, the jeans.example.com origin server uses a session cookie to remember that she has logged into her account. This is an example of a first-party cookie. However, Alice may not be aware that a cookie from example.ad-network.com is also stored in her browser and is tracking her activity on jeans.example.com, even though she is not currently accessing example.ad-network.com. This is an example of a third-party cookie.

See Also

• Web Browser
• Session

References

• Cloud Flare