Back in the early 1990s, website managers decided they needed a way to remember data about users, and the cookie was born. Browser cookies, also known as http cookies, are small text files that are deposited on your computer while you are visiting a website. Depending on your internet activity, you could have dozens or even hundreds of them stored on your computer.
These computer cookies have been a center of controversy since their introduction. Privacy advocates view them as an intrusive way for advertisers to track the activity of users and push ads and products, while website owners say they provide a convenient way for users to retain their site preferences, credentials and settings to improve their online experience.
A cookie is a tiny snippet of data or code that is stored on a web browser when a user visits a website. The cookie contains information about the person’s activity on that website, such as their preferences, login status and shopping cart contents. The next time the user visits the same website, it will recognize the cookie and ingest the stored data.
Have you ever visited an online retailer and added items to your shopping cart, only to navigate away from the site? In many cases, if you revisit the site the next day, your items will still be there so you don’t have to repeat your work. However, for better or worse, you may also be inundated by ads for the next several days promoting those items or similar products.
Another benefit of the way cookies work is that it is easier to authenticate to a website on repeat visits. That’s because the cookie stored in your browser has a unique identifier; once you’ve logged on once, the cookie remembers your login information from the previous session.
Cookies can also be used to personalize your experience by tailoring the content you receive. For instance, an online news site may suggest articles like ones you have clicked on in the past, or an online store might suggest a product that complements one of your earlier purchases.
The HTML or JavaScript code of many websites includes code snippets that instruct the user’s browser to either create a new cookie or retrieve an existing one. The website server provides the browser with the details to create a cookie, such as its name and expiration date. Other details in the cookie can include technical information about the user’s browser type and version or IP address, which ensures website optimization for each browser or computing device. Saved cookies are then used to recreate the same future user experience for the user.
- Session cookies are temporary; they are stored on a device only during the actual browsing session. They are used to maintain information while the user is accessing the site and deleted once the web browser is closed.
- Persistent cookies remain on a device even after the browser is closed. Persistent cookies have expiration dates and are deleted only then. They are used to store information for future visits, such as login credentials and other personal information that identifies the user.
- Party cookies come in two types. First-party cookies are accessed and used only by the website that created them. Third-party cookies are often used by advertising networks to track the browsing history of a user. These tracking cookies are used for things such as website analytics, targeted ad analytics and social media integration. This makes them great tools for digital marketing.
- Zombie cookies are often used by advertising networks and analytics companies to track online behavior and deliver targeted ads. They are sometimes referred to as super cookies because they are difficult to remove from a device once they are saved. Due to their more permanent nature, they are often used to create long-term profiles for unsuspecting users.
Cookies are saved in a folder on the user’s device. The location of the folder depends on the web browser that created the cookies and the operating system of the device.
While it is possible to find the cookies on your computer by using a file navigation tool like Microsoft’s File Explorer, it is a not generally a good idea to delete or modify them this way, since doing so can create issues with the websites and services that rely on them. Instead, use the cookie management functionality within the browser, as described below.
In general, browser cookies are safe. They cannot infect your computer with things like viruses, malware or ransomware, so an antivirus application will not flag the cookies on your system. However, zombie cookies or third-party tracking cookies can be targeted by some spyware applications. After all, these cookies allow others to spy on you.
Cookies can also present privacy problems for devices used by multiple users, such as when family members share a laptop or a single classroom computer serves many students. Because there may be no way to differentiate between the content for different individuals, one user may gain access to the personal information of someone else who uses the device.
In addition, cookies can be manipulated by experienced threat actors. For instance, an attacker could steal a cookie and use it to impersonate someone else on a website and log on to their account. Cookies can be used to perform cross-site scripting (XSS) attacks and to execute malicious code on the machine of a user visiting the website.
A growing number of government regulations now include requirements for cookies. For instance, the GDPR requires organizations to obtain a user’s consent before using cookies to collect their personal data. How can I prevent my browser from storing cookies?
All the major browsers make it easy to clear your cookies. Here are the steps for Microsoft Edge and Google Chrome.
Microsoft Edge
Click on the three dots (…)in the upper-right corner of the browser window and select Settings:
On the Settings page, select Privacy, search, and services and scroll down to Clear Browsing Data. Then choose which data you want to clear:
Google Chrome
If you use the Chrome browser, click on the three dots (…) in the upper-right corner and select Settings. In the Settings window, select Privacy and Security, scroll down to Clear browsing data and select the Cookies and other site data checkbox:
If you want to avoid browser cookies on a case-by-case basis, consider these options:
- Use Incognito Mode when using your web browser. This mode will prevent search history and cookies from sticking to your computer.
- Use a proxy server to keep your identity anonymous; all requests will go through the proxy server rather than directly to the website. Proxy servers can be configured to block or remove cookies by removing the cookie header from a request before forwarding it to the website.
- Install one of the many browser extensions available on the market today that will help you manage or stop cookies.
Alternatively, you disable the use of cookies altogether in the browser’s settings. Here are the steps for Edge and Chrome.
Microsoft Edge
Navigate to Settings > Cookies and site permissions and specify your preferred cookie management settings:
Chrome
Navigate to the Privacy and Security settings screen, where you can choose to block all cookies or just third-party cookies:
Conclusion
Now that you understand how cookies work, the benefits they offer and the risks they entail, you can make informed decisions about how you want to manage them on your browsers. Of course, if you change your mind about any of the settings described here, you can easily modify your preferences.