If you’ve visited a new website on your phone or computer you’ve probably seen notification informing you that the page is using cookies to track you and asking you to agree to let it happen. The notification usually prompts you to read its cookie policy to consent to for cookies to be used to ‘enhance’ your experience on the site. No one really reads the cookie policy.
Most of us just quickly click ‘accept’ and move on. Sometimes the website doesn’t work if you decline to consent to their cookie policy. Often times they work fine.
What is a Web Cookie?
A computer “cookie” is more formally known as an HTTP cookie, a web cookie, an Internet cookie, or a browser cookie
The name ‘cookie’ was derived from UNIX objects called magic cookies. These are tokens that are attached to a user or program and change depending on the areas the user or program enters
A Web Cookie is a file stored in a user’s web browser with small pieces of data that stores information like user settings and preferences, the frequency someone visits a specific website and other analytics specs. This information is used to identify your computer as you use a computer network
Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you
Types of Website Cookies
Session cookies:
Session cookies, also known as temporary cookies, are created for a single session and vanish once you close the browser
They stay on a browser and retain your information until it is closes. When a new browser window is opened, the same user is treated as a new visitor and must input their login credentials
They are first-party cookies and all the administrative authority regarding session cookies lie with the website and the user can’t disable session cookies from their browser
Permanent cookies
Permanent Cookies (aka persistent or tracking cookies) don’t expire after you close the browser or even shut down the computer. They have a specific expiration date set by the website and remain valid until then
Third-party cookies
Third-party cookies are known as marketing or tracking cookies. These are the cookies embedded by third-party websites. For example, advertisements and banners shown on a website you visit are usually displayed by a third-party.
Importance of Cookies
Cookies can be used for: website session management, personalization and tracking
Cookies let websites remember you, your website logins, shopping cart items, language preferences and more. But they can also be a treasure trove of private info for criminals to spy on.
A web cookie keeps a user logged in as they browse each page. Examples:
Online retailers use cookies to keep track of the items in a user’s shopping cart as they explore the site. Without cookies, your shopping cart would reset to zero every time you clicked a new link on the site. That would make it impossible to buy anything online!
While selecting a language on a multi-lingual website, the website may store this information on your computer in the form of a cookie. Next time you visit the website, it’ll automatically load the page in the language you’ve previously selected by reading the information from the cookie so you don’t have to select your preferred language again
Are Cookies Good or Bad?
While the information contained in a cookie is not inherently good or bad, the potential for how that information is used is important for internet security
A cookie could store personally identifying information(PII) a user provides like name, home address, and phone number, or information like preferred language, login credentials, and abandoned shopping cart items
As with most internet security concerns, a major downside of the convenience that cookies offer is the vulnerability for cookie data to be tracked and used for malicious intentions
Cookies themselves are harmless because they aren’t able to hold code. They can neither contain nor execute viruses or any other malicious code. But sometimes cookies can indirectly become the cause of malicious activities involving your data
When the connection between a browser and server is targeted by an attacker, the cookies that are intercepted can be sold to third parties or ‘hijacked‘ and used to impersonate the user in other places of the Internet
Clear Your Cache and Block Third Party Cookies
Cookies can be an optional part of your internet experience. You can choose to limit what cookies end up on your computer or mobile device
You shouldn’t disable cookies for all websites as they may need cookies for proper functioning. However, you may certainly disable third-party cookies in your browser settings
It is also good practice to clear your cache on a regular basis and stay cautious while visiting unknown websites and giving your personal details there
This is a dope article and a gives a good overview of cookies!
I usually click accept lol and make use of the incognito mode if I have to visit a site that I don’t trust!
Although I read that cookies in most cases don’t store login credentials but rather session tokens that are then used to associate a user with things like their shopping cart items e.t.c. It’s a whole rabbit hole but an interesting one
Thank you!
I also click accept most times haha although recently I have started declining them, especially if it is a one time visit to a particular site. Since I don’t intend to come back, I don’t see a need to have my data stored or my activity tracked.
And you are right, session tokens are used to link to a particular user and not their actual log in credentials. I talk about this briefly where I mentioned
“Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you“
But I do agree that there is more behind-the-scene action on how the session tokens operate!