
Cookies: what you need to know


Cookies are text files with small pieces of data, such as usernames and passwords, that are used to identify your computer on a network. HTTP cookies are a specific kind of cookie used to identify specific users and to improve their web browsing experience. Data stored in a cookie is created by the server when you connect. This data is labeled with an ID that is unique to you and your computer. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows who you are and what information to serve to you specifically.

HTTP cookies are built specifically for web browsers to track, personalize, and save information about each user's "session" (the time a user spends on a website). When you visit a new website, cookies are created to identify you. The web server sends a short stream of identifying information to your web browser when it wants the browser to save it. When a user later returns to a website for which cookies are stored, the web browser sends that data back to the web server in the form of a cookie, so that the server can recall data from previous sessions. HTTP cookies are primarily used for:

Session management. Cookies allow websites to recognize their users and to recall their login information and preferences.

Personalization. Cookies are used to personalize advertising within your sessions. The products and content that you view are used to inform targeted advertising that reflects interests you have demonstrated in the past.

Tracking. Online shopping websites use cookies to track items that users have previously viewed, which allows them to suggest relevant items that the user might also wish to view. Cookies also allow users to keep items in shopping carts while they shop.
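The exchange described above (the server issues an ID, the browser stores it and returns it, and the server recalls the session, here a shopping cart) is sketched below as an added example; it is not code from the original article. The cookie name `sid`, the `server_handle` function, the `Browser` class and the `HttpOnly`, `Secure` and `SameSite` attributes are assumptions chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store (illustrative): session ID -> data remembered for that visitor.
SESSIONS = {}


def server_handle(cookie_header, item=None):
    """Handle one request. Returns (Set-Cookie value or None, session data)."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar["sid"].value if "sid" in jar else None
    set_cookie = None
    if sid not in SESSIONS:
        # Missing or unknown ID: treat as a new visitor. The server generates
        # its own unguessable ID and never adopts one supplied by the client.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = {"cart": []}
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["path"] = "/"
        out["sid"]["httponly"] = True   # not readable by page scripts
        out["sid"]["secure"] = True     # only sent over HTTPS
        out["sid"]["samesite"] = "Lax"  # withheld on most cross-site requests
        set_cookie = out["sid"].OutputString()
    if item:
        SESSIONS[sid]["cart"].append(item)
    return set_cookie, SESSIONS[sid]


class Browser:
    """Stores cookies the server sets and returns them on later requests."""

    def __init__(self):
        self.jar = SimpleCookie()

    def request(self, item=None):
        # Only name=value pairs go back to the server, not the attributes.
        header = "; ".join(f"{k}={m.value}" for k, m in self.jar.items()) or None
        set_cookie, data = server_handle(header, item)
        if set_cookie:
            self.jar.load(set_cookie)  # save what the server asked us to keep
        return set_cookie, data


if __name__ == "__main__":
    b = Browser()
    print(b.request("book"))  # first visit: server sends a Set-Cookie value
    print(b.request("pen"))   # return visit: no new cookie, cart is recalled
```

Only the random ID travels in the cookie; the cart itself stays on the server, so deleting the cookie in the browser is enough to make the server treat the next visit as a new one.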

Cookies themselves are not dangerous, but their ability to track users’ browsing histories can, in some situations, lead to security threats. Some cookies to be aware of:

Third-party cookies. Third-party cookies are generated by websites that are different from the website that a user is currently viewing, often because they are linked to ads on that page. Visiting a page with ten ads may generate ten cookies, even without a user ever clicking on any of those ads. Third-party cookies let advertisers or analytics companies track a user’s browsing history across the web on any sites that contain their ads.

Zombie cookies. Zombie cookies are from a third party and are permanently installed on a user's computer, even when the user did not consent to the installation of cookies. They are insidious, as they reappear even after they have been deleted. Just like third-party cookies, zombie cookies let advertisers or analytics companies track a user's browsing history.

Third-party and zombie cookies put users at risk of privacy breaches. The more cookies that you have from different websites, the more opportunities there are for security threats. Since cookies do improve user experiences by personalizing sessions, there may be cookies that you want to keep. View your cookies under Settings > Privacy, evaluate which ones are valuable to your user experience, and consider removing the rest. Also consider using a virtual private network (VPN), which makes it appear as if you are connecting from a location other than that of your local computer.