Simple questions: What are cookies and what do they do?

When browsing the internet, you often encounter the term "cookies." Many websites inform you about using cookies, and ask for your approval. Web browsers have many settings for managing cookies and even browser add-ons mention blocking cookies of all kinds. Even though you know that these "cookies" are not exactly a sweet dessert, you may not know precisely what they are and what their purpose is on the internet. This is why, in this article, we explain what cookies are, what they do and how they work, and what kind of cookies are most frequently used on the internet. Let's get started:

What are cookies on the internet?

Cookies are files that hold information about you, your web browser and your behavior on the internet. They are tiny files stored on your PC or device, which can be used by websites or web apps to tailor your online experience.

What do cookies do?

Cookies are sent between a sender (usually a website or a web app) and a receiver (your device). A cookie is created and interpreted by the sender, while the receiver only holds it and sends it back if the sender asks for it.

When browsing the web, the sender is the server on which a website runs, and the receiver is the web browser of the user who visits that website. Their purpose is to identify the user, check for his or her past activity on the website and provide appropriate content based on this data.

The first time a user visits a website, the server stores a particular cookie in the web browser of that user. On subsequent visits to the website, the server asks for its cookie, reads it and loads a particular configuration of the website for that specific user. You can think of cookies like a tag applied by web servers to every user, which is read by web servers to identify users.

This identification is beneficial on websites where real-time user data is critical. For example, when using an online shop, you cannot buy anything without the help of cookies. Shops would not be able to identify you and build your shopping cart without them because each time you load a web page, the shop would see you as a new user and start your visit from scratch.

What is inside of a cookie?

Every modern web browser supports cookies, and they have a small size, of roughly 4 KB. To help you understand the structure of a cookie, let's use as an example the "cfduid" cookie sent by our website - Digital Citizen. We analyzed it using Google Chrome.

Here is its structure:

  1. Name - the name of the cookie.
  2. Content - the information the cookie contains.
  3. Domain - the domain using this cookie.
  4. Path - the page of the domain where the cookie is used. If the path is "/" it means that the cookie is used across the whole website.
  5. Send for - the level of security the connection needs to have to use the cookie.
  6. Accessible to script - it shows whether or not the cookie can be accessed through other ways than HTML.
  7. Created - the date the cookie was created on the user's web browser.
  8. Expires - the moment when the cookie expires and the browser deletes it.

How many types of cookies are there?

Even though the term cookie is rather general, there are many ways a cookie can be used. This is why there are different types of cookies on the internet. The most common types are the following:

  • Session cookies - one of the most common. They exist in temporary memory until the web browser is closed. They are not harmful because all their information is deleted when your browsing session is over.
  • Persistent cookies - also called tracking cookies. They last on the user's device until they are deleted or reach their expiry date. They are used to gather information about the user, recording his or her behavior on a specific website over a period of time.
  • Secure cookies - an encrypted cookie that works only when using a secure HTTPS connection. These cookies are used to ensure that their information cannot be stolen by potential hackers connected to the same network as the user. They keep essential information about the user and are used mostly on websites where users perform financial transactions. Because they are encrypted, they are a lot more secure than other types of cookies.
  • HttpOnly cookies - they cannot be used by any protocol other than HTTP. Such cookies ensure that only the website that created them can use them. Only session cookies can be HttpOnly, and they generally do not imply any privacy or security risks for users.
  • Third-party cookies - these cookies belong to a different domain, other than the one that sent them. They are usually sent by ads and can store the browsing history of a user across multiple websites that use the same advertising network. These cookies may hurt your privacy because some ad networks use them to track way too much data about you, to display targeted ads.
  • Zombie cookie - cookies that recreate themselves after they are deleted. They are generally used by web analytics services and stored outside of the browser because they are available across browsers installed on the same computer. The reason they recreate themselves is to prevent data from becoming fragmented after the user deletes the cookies. They can also be used for malicious purposes because the web browser cannot control their existence. Only security products can identify zombie cookies and remove them.

When were cookies invented (a concise history)?

In July 1994, an employee at Netscape Communications had to develop an e-commerce application. He had to find an easy way to keep the shopping cart for every user, without overloading the server, so he decided that the best way to do this was to store this information in the web browser of every user. Because cookies were already used in different fields of the IT industry, he decided they could also be used for web browsing.

The first browser to use and support cookies was Mosaic Netscape, in October 1994. One year later, Internet Explorer 2 also supported cookies. Since then, all web browsers have offered support for cookies. Even though the reason why they were created is a positive one, cookies are now used for all kinds of purposes, some of which are not ethical or legal.

Why am I seeing messages about cookies on every website?

If you live in Europe, or you are browsing the web using a European IP address, you see prompts about the use of cookies on many websites that you visit. These prompts are shown because of the General Data Protection Regulation (GDPR) legislation that is applied in all the countries that form the European union, and to all the website and online services that have European users.

The purpose of these prompts is to inform all European users about cookies, how they are used and why, and ask for their explicit consent. We recommend that you read these prompts and permit only the uses that you are OK with.

How to see and manage the cookies stored in your web browser by websites

If you want to know how to see and manage the cookies your web browser stores on your device, we have guides that cover all the major web browsers. Here they are:

Conclusion

Cookies are widely used on the internet because they allow websites to be more powerful by providing the most useful content to every user. In some cases, websites cannot function without using cookies. They also allow websites to learn about their users and the pages they are visiting. However, just like any other technology, they can also be used for unethical purposes. That is why knowing how cookies work and how they are used is a useful skill for any digital citizen browsing the web. If you have any questions about cookies, do not hesitate to leave a comment below.