2021 January, 1
Cookies can be used for various purposes, such as tracking user behavior, remembering login credentials, and personalizing the user experience.
When website operators provide clear and transparent information about their use of cookies, users can understand how their data is used and make better choices about their privacy.
What are Cookies
HTTP header cookies, or cookies for short, are small data files that a website asks your browser to create on your computer or mobile device. A cookie allows the website to store your actions or preferences over time.
All modern browsers support cookies. However, users can configure a browser to decline them. Moreover, all users can delete all or selected cookie files whenever they like.
The typical uses of cookies are listed below.
In general, cookies are used to remember a visitor's personal preferences.
Cookies allow a website to identify users, for example when they return.
The data stored in cookies can help users complete tasks without re-entering the same information when visiting the site later.
Cookies can also be used for online behavioral targeted advertising and to show information relevant to something that users searched for in the past. The webserver supplying the webpage can store a cookie on the user's computer or mobile device to store such personal preferences.
Types of Cookies
Cookies let websites remember you: for example your logins or purchases. But they can also be a treasure trove of private info for criminals to spy on.
In general, cookies can’t infect computers with viruses or other types of malware. However, some cyberattacks can hijack cookies and enable access to your browsing sessions. The danger lies in their ability to track individuals' browsing histories. Web browser manufacturers introduced many security functions to minimize attack risks.
A cookie can be classified by its lifespan and the website to which it belongs.
Classified by lifespan, a cookie is either a:
- Session cookie
Session cookies get automatically deleted when the user closes the web browser and all open window tabs.
- Persistent cookie
A persistent cookie remains on the user’s computer/device for a pre-defined period of time; for a year at the maximum.
Classified by domain, that is, the web address to which it belongs, a cookie is either a:
- First-party cookie
First-party cookies are set by the webserver of the visited page and share the same domain you’re visiting. These are generally safer, as long as users are browsing reputable websites or ones that have not been compromised.
- Third-party cookies
Third-party cookies are stored by a different domain from that of the visited page. This can happen when the webpage references a file located outside its domain. Third-party cookies let advertisers or analytics companies track the user’s browsing history across the web on any sites that contain their ads.
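The two classifications above can be applied directly to the Set-Cookie headers a browser receives. The following is an added example, not code from the original page: it labels each header by lifespan and by party. The host names, cookie values and the NOW timestamp are constructed, and site_of() is a simplified assumption, since real browsers compare registrable domains using the Public Suffix List.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def site_of(host):
    # Assumption: the last two labels stand in for the registrable domain.
    # This is wrong for suffixes such as co.uk; browsers use the Public Suffix List.
    return ".".join(host.lower().lstrip(".").split(".")[-2:])

def classify(header, responding_host, page_host, now):
    """Return (name, lifespan, party) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    lifetime = None
    if "max-age" in attrs:                      # Max-Age takes precedence over Expires
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        lifetime = int((expires - now).total_seconds())
    if lifetime is None:
        lifespan = "session"                    # no expiry: gone when the browser closes
    elif lifetime <= 0:
        lifespan = "expired"                    # the server is deleting the cookie
    else:
        lifespan = "persistent"
    cookie_host = attrs.get("domain") or responding_host
    same_site = site_of(cookie_host) == site_of(page_host)
    return name, lifespan, "first-party" if same_site else "third-party"

# Constructed sample data: the user is visiting shop.example.com.
NOW = datetime(2021, 1, 1, tzinfo=timezone.utc)
PAGE = "shop.example.com"
SAMPLES = [
    ("sid=abc123; Path=/; HttpOnly", "shop.example.com"),
    ("lang=en; Max-Age=31536000; Domain=example.com", "shop.example.com"),
    ("uid=9f2c; Expires=Sat, 01 Jan 2022 00:00:00 GMT", "ads.tracker.test"),
    ("old=1; Max-Age=0", "shop.example.com"),
]

if __name__ == "__main__":
    for header, host in SAMPLES:
        print(classify(header, host, PAGE, NOW))
```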
Without cookies, the Web would not work as it does today. However, since the mid-1990s, when cookies were introduced, the web has changed quite a lot, and so have the attack methods on web applications.
A well-known attack method is cross-site request forgery, or CSRF for short. CSRF is an attack that forces an end user to execute unwanted actions. Cookies may play a role in such scenarios, but they are not generally unsafe.
If you like, read more about CSRF attacks on the OWASP page.
Users can control whether cookies are used. You can delete all cookies that are already on your computer, and you can set most browsers to prevent them from being placed.
If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some services and functionalities may not work.
For more information on how cookies are used, visit the AboutCookies page.