01 January 2020
Do visitors need to know what cookies are about? No doubt: in Europe, websites are required to inform them for legal reasons. Users visiting websites are constantly asked to accept cookies. For good reasons?
What are cookies technically
In short: a cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. All modern browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like. Good to know.
- General information storage
Remember users' custom preferences
Help users complete tasks without re-entering information when browsing from one page to another or when visiting the site later.
- Behavioral tracking
Cookies can also be used for online behavioral targeted advertising, showing adverts relevant to something that the user searched for in the past. The webserver supplying the webpage can store a cookie on the user’s computer or mobile device.
How are they used
Types of cookies
HTTP cookies are essential to the modern Internet but potentially a vulnerability to your privacy. As a necessary part of web browsing, cookies help web developers give you more personal, convenient website visits. Cookies let websites remember you, your website logins, shopping carts, and more. But they can also be a treasure trove of private info for criminals to spy on.
Since the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or other malware. However, some cyberattacks can hijack cookies and enable access to your browsing sessions. The danger lies in their ability to track individuals' browsing histories. Cookies can generally be classified by their lifespan and by the domain to which they belong.
Classified by lifespan, a cookie is either a:
- Session cookie
A session cookie is automatically deleted when the user closes the web browser and all open windows and tabs.
- Persistent cookie
A persistent cookie remains on the user’s computer/device for a pre-defined period of time.
Classified by the domain to which it belongs, a cookie is either a:
- First-party cookie
First-party cookies are set by the webserver of the visited page and share the same domain you’re visiting. These are generally safer, as long as users are browsing reputable websites or ones that have not been compromised.
- Third-party cookies
Third-party cookies are stored by a different domain to the visited page. This can happen when the webpage references a file located outside its domain. Third-party cookies let advertisers or analytics companies track the user’s browsing history across the web on any sites that contain their ads.
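The two classifications above, applied to Set-Cookie response headers, as an added example that is not part of the original article. The hosts and header values are constructed, and treating the last two host labels as the "site" is a simplifying assumption; the extra `expired` result marks a cookie whose expiry already lies in the past.

```javascript
// Added example with constructed sample data: classify Set-Cookie headers.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = Object.create(null);
  for (const a of rest) {
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? "" : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Session cookie: neither Max-Age nor Expires. Max-Age wins if both are set.
function lifespanOf(attrs, now) {
  let expiresAt = null;
  if (/^-?\d+$/.test(attrs["max-age"] || "")) {
    expiresAt = now + Number(attrs["max-age"]) * 1000;
  } else if (!Number.isNaN(Date.parse(attrs.expires || ""))) {
    expiresAt = Date.parse(attrs.expires);
  }
  if (expiresAt === null) return "session";
  // An expiry in the past tells the browser to delete the cookie.
  return expiresAt > now ? "persistent" : "expired";
}

// Assumption: the "site" is the last two host labels. Browsers use the
// Public Suffix List instead, which this sketch does not implement.
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

function classify(header, responseHost, pageHost, now = Date.now()) {
  const c = parseSetCookie(header);
  // The cookie belongs to its Domain attribute, else to the host that sent it.
  const owner = c.attrs.domain || responseHost;
  const party = siteOf(owner) === siteOf(pageHost) ? "first-party" : "third-party";
  return { name: c.name, lifespan: lifespanOf(c.attrs, now), party };
}

const NOW = Date.UTC(2020, 0, 1); // fixed clock so the output is reproducible
const PAGE = "www.shop.example";
const SAMPLES = [
  ["lang=en; Path=/", "www.shop.example"],
  ["cart=abc123; Max-Age=2592000; Domain=shop.example", "www.shop.example"],
  ["uid=789; Expires=Fri, 01 Jan 2021 00:00:00 GMT", "ads.tracker.example"],
  ["old=1; Max-Age=0", "www.shop.example"],
];
for (const [header, host] of SAMPLES) console.log(classify(header, host, PAGE, NOW));
```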
Security aspects on using cookies
Without cookies, the web would not work as it does today. However, since the mid-1990s, when cookies were invented, the web has changed quite a lot, and so have the attack methods on web applications; as mentioned, the Internet is not a friendly place.
A well-known attack method is Cross-Site Request Forgery, or CSRF for short. CSRF is an attack, a criminal act, that forces an end user to execute unwanted actions. A cookie may play a role in such scenarios, but cookies are not generally unsafe. If you want, you can read more about that on the CSRF page on OWASP.
How to control cookies
Users can take control: they can decide whether cookies are used or not, or delete them. For more details, see AboutCookies. You can delete all cookies that are already on your computer, and you can set most browsers to prevent them from being placed.
If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some services and functionalities may not work.