Jekyll One
  • Previous
  • Next

2021 January, 1

Is it needed for visitors to know what cookies are about? No doubts, you’re requested to inform - in Europe for legal reasons. All users visiting websites are bothered all the time to accept cookies. For good reasons.

What are cookies technically

In short: a cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. All modern browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like. Good to know.

Websites mainly use cookies for:

Identification

Identify users

General information storage

Remember users' custom preferences

Support

Help users complete tasks without re-entering information when browsing from one page to another or when visiting the site later.

Track behavioral

Cookies can also be used for online behavioral target advertising and to show adverts relevant to something that the user searched for in the past. The webserver supplying the webpage can store a cookie on the user’s computer or mobile device.

All these cookies are called HTTP header cookies. Another way of storing cookies is through JavaScript code contained or referenced on that page. Each time the user requests a new page, the webserver can receive the values of the cookies it previously set and return the page with content relating to these values. Similarly, JavaScript code can read a cookie belonging to its domain and act accordingly.

How are they used

The web server supplying the webpage can store a cookie on the user’s computer or mobile device. An external web server that manages files included or referenced in the web page can store cookies. All these cookies are called HTTP header cookies. Another way of storing cookies is through JavaScript code contained or referenced on that page.

Each time the user requests a new page, the web server can receive the values of the cookies it previously set and return the page with content relating to these values. Similarly, JavaScript code can read a cookie belonging to its domain and act accordingly.

Types of cookies

HTTP cookies are essential to the modern Internet but potentially a vulnerability to your privacy. As a necessary part of web browsing, cookies help web developers give you more personal, convenient website visits. Cookies let websites remember you, your website logins, shopping carts, and more. But they can also be a treasure trove of private info for criminals to spy on.

Since the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or other malware. However, some cyberattacks can hijack cookies and enable access to your browsing sessions. The danger lies in their ability to track individuals' browsing histories. Cookies generally can be classified by its lifespan and the domain to which it belongs.

By Lifespan

Cookies classified by lifespan are either a:

Session cookie

Session cookies gets automatically deleted when the user closes the web browser and all open window tabs.

Persistent cookie

A persistent cookie remains on the user’s computer/device for a pre-defined period of time.

By Domain

Cookies classified by the domain to which it belongs, are either of:

First-party cookie

First-party cookie cookies are set by the webserver of the visited page and share the same domain you’re visiting. These are generally safer, as long as users are browsing reputable websites or ones that have not been compromised.

Third-party cookies

Third-party cookies are stored by a different domain to the visited page. This can happen when the webpage references a file located outside its domain. Third-party cookies let advertisers or analytics companies track the user’s browsing history across the web on any sites that contain their ads.

Security aspects on using cookies

Without cookies, the web would not work as it does today. However, since the mid 90ies when cookies were invented, the web changed quite a lot, and so did the attack methods on web applications; as mentioned, the Internet is not a friendly place.

A well-known attack method is known as Cross-Site Request Forgery or short CSRF. CSRF is an attack, a criminal act, that forces an end user to execute unwanted actions. A cookie may play a role in such scenarios, but they are not generally unsafe if you want, you can read more about that on the CRSF Page on OWASP.

How to control cookies

Users can take control, used or not used, or delete cookies. For more details, see AboutCookies. You can delete all cookies that are already on your computer, and you can set most browsers to prevent them from being placed.

If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some services and functionalities may not work.