What are browser Cookies?
Cookies are text files with small pieces of data — like a username and password — that are used to identify your computer as you use a computer network. Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience.
Data stored in a cookie is created by the server upon your connection. This data is labeled with an ID unique to you and your computer.
When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you.
What Are Cookies Used For?
- Session management. For example, cookies let websites recognize users and recall their individual login information and preferences, such as sports news versus politics.
- Personalization. Customized advertising is the main way cookies are used to personalize your sessions. You may view certain items or parts of a site, and cookies use this data to help build targeted ads that you might enjoy.
- Tracking. Shopping sites use cookies to track items users previously viewed, allowing the sites to suggest other goods they might like and keep items in shopping carts while they continue shopping.
Cookies are stored on your device locally to free up storage space on a website’s servers. In turn, websites can personalize while saving money on server maintenance and storage costs.
Setting a cookie
Cookies are set using the Set-Cookie
header field, sent in an HTTP response from the web server. This header field instructs the web browser to store the cookie and send it back in future requests to the server (the browser will ignore this header field if it does not support cookies or has disabled cookies).
As an example, the browser sends its first HTTP request for the homepage of the www.example.org
website:
GET /index.html HTTP/1.1
Host: www.example.org
...
The server responds with two Set-Cookie
header fields:
HTTP/1.0 200 OK
Content-type: text/html
Set-Cookie: theme=light
Set-Cookie: sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT
...
The server’s HTTP response contains the contents of the website’s homepage. But it also instructs the browser to set two cookies. The first, “theme”, is considered to be a session cookie since it does not have an Expires
or Max-Age
attribute. Session cookies are intended to be deleted by the browser when the browser closes. The second, "sessionToken", is considered to be a persistent cookie since it contains an Expires
attribute, which instructs the browser to delete the cookie at a specific date and time.
Information Security and Computer Privacy
Because a cookie can only be read by the company that places it, information security only becomes an issue if someone else gains access to the computer, or the website itself is hacked. Computer browser cookies cannot get any information stored on the computer that was not provided by the user to the website that placed the cookie.
Browser cookies are not used to deliver viruses to a computer. As a browser cookie is a text file, there is no executable code in a cookie accepted by the computer.
On the other hand, cookies can send additional information to a website, such as a history log of web sites the user has visited
Controlling Computer Browser Cookies
The computer user has control over the browser cookies placed on the system. Options include deleting browser cookies from the computer, adjusting the browser settings to delete cookies when exiting the browser, prompting before allowing cookies and blocking all third-party cookies.