Cookies are small files that are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client and website and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script that is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
Can I see/view the cookies I have on my computer?
Most browsers have a configuration screen that allows the user to see what cookies have been stored on the computer, and optionally to delete them. For more information, see the viewing cookies page. Note that it is not possible for a web page to view cookies set by other sites, as this would represent a privacy and security problem.
What’s in a Cookie?
Each cookie is effectively a small lookup table containing pairs of (key, data) values – for example (firstname, John) (lastname, Smith). Once the cookie has been read by the code on the server or client computer, the data can be retrieved and used to customise the web page appropriately.
When are Cookies Created?
Writing data to a cookie is usually done when a new webpage is loaded – for example after a ‘submit’ button is pressed the data handling page would be responsible for storing the values in a cookie. If the user has elected to disable cookies then the write operation will fail, and subsequent sites which rely on the cookie will either have to take a default action, or prompt the user to re-enter the information that would have been stored in the cookie.
Why are Cookies Used?
Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. Storing the data on the server without using cookies would also be problematic because it would be difficult to retrieve a particular user’s information without requiring a login on each visit to the website.
If there is a large amount of information to store, then a cookie can simply be used as a means to identify a given user so that further related information can be looked up on a server-side database. For example the first time a user visits a site they may choose a username which is stored in the cookie, and then provide data such as password, name, address, preferred font size, page layout, etc. – this information would all be stored on the database using the username as a key. Subsequently when the site is revisited the server will read the cookie to find the username, and then retrieve all the user’s information from the database without it having to be re-entered.
How Long Does a Cookie Last?
The time of expiry of a cookie can be set when the cookie is created. By default the cookie is destroyed when the current browser window is closed, but it can be made to persist for an arbitrary length of time after that.
Who Can Access Cookies?
When a cookie is created it is possible to control its visibility by setting its ‘root domain’. It will then be accessible to any URL belonging to that root. For example the root could be set to “whatarecookies.com” and the cookie would then be available to sites in “www.whatarecookies.com” or “xyz.whatarecookies.com” or “whatarecookies.com”. This might be used to allow related pages to ‘communicate’ with each other. It is not possible to set the root domain to ‘top level’ domains such as ‘.com’ or ‘.co.uk’ since this would allow widespread access to the cookie.
By default cookies are visible to all paths in their domains, but at the time of creation they can be retricted to a given subpath – for example “www.whatarecookies.com/images”.
How Secure are Cookies?
There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third party websites, this is no worse than storing it in a central database. If you are concerned that the information you provide to a webserver will not be treated as confidential then you should question whether you actually need to provide that information at all.
What are Tracking Cookies?
Some commercial websites include embedded advertising material which is served from a third-party site, and it is possible for such adverts to store a cookie for that third-party site, containing information fed to it from the containing site – such information might include the name of the site, particular products being viewed, pages visited, etc. When the user later visits another site containing a similar embedded advert from the same third-party site, the advertiser will be able to read the cookie and use it to determine some information about the user’s browsing history. This enables publishers to serve adverts targetted at a user’s interests, so in theory having a greater chance of being relevant to the user. However, many people see such ‘tracking cookies’ as an invasion of privacy since they allow an advertiser to build up profiles of users without their consent or knowledge.
Tracking Cookies are type of cookie which does the specific task. These cookies are being distributed, shared, and read across two or more unrelated Web sites for the purpose of gathering information or potentially to present customized data to you.
Tracking cookies can be a privacy concern as many users still express discomfort at the idea of their web browsing habits being tracked.
Example:
Tracking cookies and their associated privacy concerns are most relevant to third-party advertising services, which provide the advertisements displayed on websites. These services use cookies to keep track of which advertisements that you have already seen on one site, in order to display the most recent or relevant material. As these services cater to multiple sites, a single advertising service may be able to gather data on the browsing behavior of users who visit these sites.
For example, when you visit a site that hosts third-party banners, the advertising service may save a cookie on your system indicating what banners have already been displayed. If you subsequently visits another site that uses the same advertising service, the second site can ‘read’ the same cookie and be directed to display a new set of banners – while the service logs that you have visited both sites.
Deleting cookies:
- Delete cookies with Internet Explorer: Internet explorer -> Tools tab -> Safety -> Delete browsing history. Finally, choose the Cookies box and click Delete.
- Delete cookies with Firefox: Firefox -> Tools -> Options -> Privacy. Click on the View Cookies button, and select the cookies from the list that you want to delete. If you want to block the cookies in addition to deleting them, check the box next to “Don’t allow sites that set removed cookies to set future cookies.”
- Delete cookies with Chrome: Chrome -> Options -> Settings -> Show advanced settings . You can manage cookies by clicking “Content Settings” else you can delete cookies by “Clear browsing data” and selecting the appropriate checkbox.
Use Do Not Track technology:
Do Not Track is a technology supported by Firefox, Safari, Internet Explorer, Chrome, and Opera that blocks tracking cookies from third-party sites. Visit the Universal Web Tracking Opt Out website to enable the option on your browser if supported
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.