Do you need Cookies?

Posted By BrokenClaw on September 16, 2007

A web cookie is a short segment of data sent from a website to your browser when you visit a webpage. The browser then sends the cookie back to the website at a later time in order to verify that you have been there previously. The cookie was originally developed in the 1990s as a tool for Internet commerce sites, in order to implement the “shopping cart” concept. Another main function of cookies is to keep you logged in on certain websites, even if you leave and come back.

The name cookie comes from earlier computer jargon, and it has no intuitive resemblance to a cookie that you eat. In real life, a web cookie is more like a token or ticket. For instance, when you drop off your suit at the cleaners, they give you a ticket to associate you with your suit, and then you give the ticket back when you pick it up. It doesn’t matter to you how they keep track of your suit, because as long as you have the ticket, you are assured that you will be able to get your suit back.

The same is true of cookies. It doesn’t matter to you, or your browser, what the website is doing behind the scenes, as long as you have the cookie, everything will work as designed. Your browser doesn’t have to remember everything in your shopping cart, and it doesn’t have to remember your language, color scheme, or layout preferences for each website, as long as the cookie can identify you to the web server when you go back.

The length of time that a cookie stays on your computer, or remains active, is part of the data in the cookie itself. Advertising cookies (see below) are typically set for five years, but there is no limit. If the cookie has no expiration date, the browser automatically deletes it when the browser is closed. Cookies that have an expiration date and stay active are called persistent cookies.

Because cookies can be used to track your browsing habits, they do present a certain level of privacy and security risk. However, it’s important to know that cookies are just plain data. They cannot do anything themselves; they cannot start programs or run spyware or install viruses.

Most of the concern arises from the introduction of third-party cookies which are not controlled by the displayed website. For example, you might be looking at a website which has an advertising banner from a different company. This third party can also send a cookie to your browser to identify your computer. Since the advertiser, or the advertising agency, has ads all over the Internet, they can track your web habits on all of the sites they serve. The purpose of these cookies is to create aggregated data for the advertisers, so they can determine things like, people who visited website A also visited website B.

Unlike links, cookies are installed automatically. You don’t have to do anything. In other words, if you see a banner ad on a website, it’s possible that the banner ad already sent a new cookie to your browser or retrieved an old one from your browser. The bad part is that banner ads can be constructed in such a way as to be virtually invisible on the webpage, which means that their sole purpose is to operate cookies. In recent times, it has been demonstrated that it’s possible under certain conditions for one website to hijack another website’s cookies, presenting another security risk.

Cookies serve an important function on legitimate websites and most of the time present no problem. By default, your browser accepts cookies and keeps them until they expire. However, your browser also has tools or options which allow you to adjust the way that your browser handles cookies. If you want, you can have the browser notify you when a cookie is sent, or you can decide to reject all cookies, or delete all cookies manually, or delete all cookies automatically when you close the browser.

Legitimate websites which allow you to set personal preferences often notify you ahead of time that “You must have cookies enabled to use this feature.” And now you know what they mean.

Comments

Comments are not allowed.

Switch to our mobile site