What are cookies, and what do they do?

When browsing the internet, you often encounter the term “cookies.” Many websites inform you about using cookies and ask for your approval. Web browsers have many settings for managing cookies, and even browser add-ons mention blocking cookies of all kinds. Even though you know that these “cookies” are not exactly a sweet dessert, you may not know precisely what they are and their purpose on the internet. This is why, in this article, I’ll answer many questions about cookies you might have, explaining what cookies are (with examples of how cookies are used), what cookies do and how they work. Let’s get started:

What are cookies on the internet?

Cookies are files containing information about you, your web browser, and your behavior on the internet. They are tiny files stored on your PC or device, which can be used by websites or web apps to tailor your online experience.

Browser cookies: What are they?

What do cookies do? What’s the reason for using cookies?

Cookies are sent between a sender (usually a website or a web app) and a receiver (your device). A cookie is created and interpreted by the sender, while the receiver only holds it and sends it back if the sender asks for it.

When browsing the web, the sender is the server on which a website runs, and the receiver is the web browser of the user who visits that website. Their purpose is to identify the user, check their past activity on the website and provide appropriate content based on this data.

Cookies in use, on our website, Digital Citizen

The first time a user visits a website, the server stores a particular cookie in the web browser of that user. On subsequent visits to the website, the server asks for its cookie, reads it, and loads a particular website configuration for that specific user. You can think of cookies as a tag applied by web servers to every user, which is read by web servers to identify users.

Cookies used by Digital Citizen

So should you allow cookies? In many cases, the answer is yes, as this identification is beneficial on websites where real-time user data is critical. For example, when using an online shop, you cannot buy anything without the help of cookies. Shops would be unable to identify you and build your shopping cart without them because each time you load a web page, the shop would see you as a new user and start your visit from scratch.

What is inside a cookie?

Every modern web browser supports cookies, and they have a small size of less than 4 KB. To help you understand the structure of a cookie, let’s use as an example the "_ga" cookie sent by our website, Digital Citizen, and used for statistics by Google Analytics. I analyzed it using Microsoft Edge.

What's inside a cookie?

Here’s the structure of a cookie:

  1. Name - the name of the cookie.
  2. Content - the information the cookie contains.
  3. Domain - the domain using this cookie.
  4. Path - the page of the domain where the cookie is used. If the path is "/," it means that the cookie is used across the whole website.
  5. Send for - the level of security the connection needs to use the cookie.
  6. Created - the date the cookie was created on the user's web browser.
  7. Expires - the moment when the cookie expires and the browser deletes it.

How many types of cookies are there?

Even though the term cookie is rather general, there are many ways a cookie can be used. This is why there are different types of cookies on the internet. Here are the main types of cookies (including explanations):

  • Session cookies - are one of the most common. They exist in temporary memory until the web browser is closed. They are not harmful because all their information is deleted when your browsing session is over.
  • Persistent cookies - also called tracking cookies. They last on the user's device until they are deleted or reach their expiry date. They are used to gather information about the user, recording his or her behavior on a specific website over a period of time.
  • Secure cookies - an encrypted cookie that works only when using a secure HTTPS connection. These cookies are used to ensure that their information cannot be stolen by potential hackers connected to the same network as the user. They keep essential information about the user and are used mostly on websites where users perform financial transactions. Because they are encrypted, they are a lot more secure than other types of cookies.
  • HttpOnly cookies - they cannot be used by any protocol other than HTTP. Such cookies ensure that only the website that created them can use them. Only session cookies can be HttpOnly, and they generally do not imply any privacy or security risks for users.
  • Third-party cookies - these cookies belong to a domain other than the one that sent them. They are usually sent by ads and can store the browsing history of a user across multiple websites that use the same advertising network. These cookies may hurt your privacy because some ad networks use them to track too much data about you to display targeted ads.
  • Zombie cookies - cookies that recreate themselves after they are deleted. They are generally used by web analytics services and stored outside the browser because they are available across browsers installed on the same computer. The reason they recreate themselves is to prevent data from becoming fragmented after the user deletes the cookies. They can also be used maliciously because the web browser cannot control their existence. Only security products can identify zombie cookies and remove them.

When were cookies invented (a concise history)?

In July 1994, an employee at Netscape Communications had to develop an e-commerce application. He had to find an easy way to keep the shopping cart for every user without overloading the server, so he decided that the best way to do this was to store this information in the web browser of every user. Because cookies were already used in different fields of the IT industry, he decided they could also be used for web browsing.

The first browser to use and support cookies was Mosaic Netscape in October 1994. One year later, Internet Explorer 2 also supported cookies. Since then, all web browsers have offered support for cookies. Even though the reason why they were created is a positive one, cookies are now used for all kinds of purposes, some of which are not ethical or legal.

Why am I seeing messages about cookies on every website?

If you live in Europe or you are browsing the web using a European IP address, you see prompts about the use of cookies on many websites that you visit. These prompts are shown because of the General Data Protection Regulation (GDPR) legislation that is applied in all the countries that form the European Union and to all the websites and online services that have European users.

GDPR message about cookies

The purpose of these prompts is to inform all European users about cookies, how they are used and why, and ask for their explicit consent. I recommend that you read these prompts and permit only the uses you are OK with.

How to see and manage the cookies stored in your web browser by websites

Should you want to delete cookies or just learn know how to see and manage the cookies your web browser stores on your device, these guides we published will help:

Do you have any other questions about cookies?

Now you know that cookies are widely used on the internet because they allow websites to be more powerful by providing the most useful content to every user. In some cases, websites cannot function without using cookies. They also allow websites to learn about their users and the pages they are visiting. However, just like any other technology, they can be used for unethical purposes. That is why knowing how cookies work and how they are used is a useful skill for any digital citizen browsing the web. If you have any other questions about cookies, don’t hesitate to leave a comment below.

Discover: Security Blog Google Chrome Internet Explorer Microsoft Edge Mozilla Firefox Network and Internet Opera Programs Recommended Windows
Join the discussion: See the comments Comment