An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers.
Other kinds of cookies perform essential functions in the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate themselves by logging in.
How Long Does a Cookie Last?The time of expiry of a cookie can be set when the cookie is created. By default the cookie is destroyed when the current browser window is closed, but it can be made to persist for an arbitrary length of time after that.
Who Can Access Cookies?When a cookie is created it is possible to control its visibility by setting its 'root domain'. It will then be accessible to any URL belonging to that root. For example the root could be set to "cloudstinger.com" and the cookie would then be available to sites in "www.cloudstinger.com" or "xyz.cloudstinger.com" or "cloudstinger.com". This might be used to allow related pages to 'communicate' with each other. It is not possible to set the root domain to 'top level' domains such as '.com' or '.co.uk' since this would allow widespread access to the cookie.
By default cookies are visible to all paths in their domains, but at the time of creation they can be retricted to a given subpath - for example "www.cloudstinger.com/images".
How Secure are Cookies?There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third party websites, this is no worse than storing it in a central database. If you are concerned that the information you provide to a webserver will not be treated as confidential then you should question whether you actually need to provide that information at all.
Are cookies dangerous?There are a lot of myths surrounding cookies, mostly making them out to be in some way dangerous for your computer or infringing of privacy rights. Cookies are, in fact, nothing more than very small text files that are placed on your computer/browser when you visit certain websites.
Can a cookie contain a virus?A normal text based cookie cannot be of any danger to your computer or spread any viruses. Whether or not other cookies can be dangerous or spread viruses has to do with whether or not a file is "executable," meaning if it's a program rather than data.
What are Tracking Cookies?Some commercial websites include embedded advertising material which is served from a third-party site, and it is possible for such adverts to store a cookie for that third-party site, containing information fed to it from the containing site - such information might include the name of the site, particular products being viewed, pages visited, etc. When the user later visits another site containing a similar embedded advert from the same third-party site, the advertiser will be able to read the cookie and use it to determine some information about the user's browsing history. This enables publishers to serve adverts targetted at a user's interests, so in theory having a greater chance of being relevant to the user. However, many people see such 'tracking cookies' as an invasion of privacy since they allow an advertiser to build up profiles of users without their consent or knowledge.
Is cookies enabled in my browser?You can check it from your browser's settings.
Last Updated 31th May 2022.