What do HTTP cookies do and how do they store information?
Sadly, no. HTTP cookies function more like locker-rental tokens than crunchy, delicious treats. When you rent a locker, the counter staff usually passes you a token with information on it (such as the locker’s unique identification number). At the end of the rental period, you return the token back to the counter staff read the information from the token to open the correct locker.
HTTP Cookies are a collection of small files of information that a web server generates and passes to your web browser through a header, which will store them on your device. Different types of cookies store different information for specific purposes. For example, a web browser may issue a cookie to your browser storing information identifying your account after you have logged into an e-commerce site. Through the cookie, when you browse the site, the server is able to identify that it is your account that is currently active on the site.
There are many different types of HTTP cookies. Here are some important cookies that you should be familiar with:
A session cookie tracks a user's session to inform the web server that the user is still actively browsing the site. Browsers usually delete session cookies when the browser window is closed. Session cookies don't have an expiration date, which lets browsers know that session cookies are safe to delete when the browser window closes.
Persistent cookies persist on a device and are not deleted when the browser window is closed. These cookies remain on the device for a predetermined length of time and come with an expiration date. Persistent cookies can be either first-party or third-party cookies.
First-party cookies are cookies that are issued by the web server of the website that you are visiting. Persistent first-party cookies can improve your website experience by keeping you logged in so that you do not have to re-enter your credentials again after closing the browser window.
Third-party cookies are not issued by the web server of the website you are visiting. A very common third-party cookie is the tracking cookie, which is often used by organizations to record details about a user’s browser activity over a period of time, such as actions on a site, browsing history, purchases, IP address, and geographical location.
Tracking cookies are considered a breach of user privacy, as they often collect information about the user without the user’s explicit consent. Most internet users are unaware that tracking cookies are recording details about their browsing activity. Many browsers now offer an option to block third-party cookies automatically to better protect user privacy.
Secure cookies are cookies that must be transmitted by the HTTPS protocol and cannot be transmitted via unencrypted HTTP. This way, cookie information is less likely to be stolen as it is transmitted between the browser and the web server. A cookie becomes a secure cookie when the secure flag is applied to it.
Zombie cookies are like the undead. They are automatically recreated no matter how you delete or “kill” them. Zombie cookies are copied in various locations on your device, so when the cookie is destroyed, it can be recreated from one of its copies. An example of such a cookie is the wildcard cookie.
Hypertext Transfer Protocol. A protocol that connects web browsers to web servers when they request content.
The part of an HTTP message that contains information about the contents of the message.