What Are Cookies?
Cookies are pieces of data, normally stored in text files, that websites place on visitors’ computers to store a range of information, usually specific to that visitor – or rather the device they are using to view the site – like the browser or mobile phone.
They were created to overcome a limitation in web technology. Web pages are ‘stateless’ – which means that they have no memory, and cannot easily pass information between each other. So cookies provide a kind of memory for web pages.
Cookies allow you to login on one page, then move around to other pages and stay logged in. They allow you to set preferences for the display of a page, and for these to be remembered the next time you return to it.
Cookies can also be used to watch the pages you visit between sites, which allows advertisers to build up a picture of your interests. Then when you land on a site that shows one of their adverts – they can tailor it to those interests. This is known as ‘behavioural advertising’.
Cookies are incredibly useful – they allow modern websites to work the way people have come to expect – with every increasing levels of personalisation and rich interactive functionality.
However, they can also be used to manipulate your web experience in ways you might not expect, or like. It could be to your benefit, or the benefit of someone else – even a business or organisation that you have never had any direct contact with, or perhaps heard of.
What’s in a Cookie?
Each cookie is effectively a small lookup table containing pairs of (key, data) values – for example (first name, John) (last name, Smith). Once the cookie has been read by the code on the server or client computer, the data can be retrieved and used to customize the web page appropriately.
Why are Cookies Used?
Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage. Storing the data on the server without using cookies would also be problematic because it would be difficult to retrieve a particular user’s information without requiring a login on each visit to the website.
If there is a large amount of information to store, then a cookie can simply be used as a means to identify a given user so that further related information can be looked up on a server-side database. For example the first time a user visits a site they may choose a username which is stored in the cookie, and then provide data such as password, name, address, preferred font size, page layout, etc. – this information would all be stored on the database using the username as a key. Subsequently when the site is revisited the server will read the cookie to find the username, and then retrieve all the user’s information from the database without it having to be re-entered.
How Secure are Cookies?
There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third party websites, this is no worse than storing it in a central database. If you are concerned that the information you provide to a web server will not be treated as confidential then you should question whether you actually need to provide that information at all.