What is a Cookie?

Questions and answers about online security.

Website cookies are small text files stored on a user’s system by their web browser.
A website cookie is also known as an HTTP cookie, a browser cookie, or just a cookie, depending on the preference of the person using the term.

Cookies normally contain textual data that helps websites remember the user, their browsing patterns, their login information (in some cases), their session information, etc.

Cookies let websites store temporary data that may be useful while the user is still browsing the site. Storing this information on the user’s computer rather than on the server reduces disk usage on the server, as well as the bandwidth that transferring the information would consume if the cookie were stored on the server.

A single cookie doesn’t take up much space, but with thousands of users per website the temporary data does start to add up, and that is where cookies come in handy.

Cookies contain data in the form of name-value pairs and nowadays are generally encrypted. An encrypted cookie helps protect the user’s data for privacy and security reasons. When required, the cookie data is sent back to the web server through the HTTP response, via the HTTP header.

A cookie may or may not have an expiration date. When a cookie doesn’t have an expiration date, the browser deletes it once the browser session is terminated. Cookies that do have an expiration date are kept until that date and time is reached, and then the browser deletes them.

There are many different types of cookies, depending on their usage:
•    Session cookie: Session cookies last only as long as the user’s browser session. Once the user closes the browser or the session is terminated, the cookie expires and becomes invalid.
•    Persistent cookie: These cookies do not expire when the browser session is closed. They can be set to last for 10, 20 or even 50 years, although logically that is not a good practice. The values that were set when the cookie was initially created are sent to the website every time the user visits the site. Persistent cookies are also known as tracking cookies.
•    Secure cookie: These cookies are used in conjunction with HTTPS-based sites.
•    HttpOnly cookie: These cookies are only available to HTTP or HTTPS requests and are not available to client-side scripts. They are normally used to protect against cross-site scripting attacks.
•    Third party cookie: Third party cookies are cookies set by a domain other than the one shown in the address bar.
•    Super cookie: Super cookies are set for a whole public suffix, i.e. for .com, .co.uk, etc. Super cookies are normally not allowed, as they can be used for malicious purposes.
•    Zombie cookie: Zombie cookies are cookies that are automatically created again once the user has deleted a cookie.
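
As an added example (not part of the original page), the Python below parses Set-Cookie header values, labels each cookie as a session or persistent cookie as defined in the list above, and flags a missing Secure or HttpOnly attribute or an overly long lifetime. The header values are constructed, and the function names and the 365-day limit are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie header values for illustration (not from a real site).
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Expires=Wed, 01 Jan 2070 00:00:00 GMT; Path=/",
    "track=xyz; Max-Age=31536000; Secure",
]
MAX_DAYS = 365  # assumed policy limit for a persistent cookie, not from the page

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def lifetime_days(attrs, now):
    """Lifetime in days, or None for a session cookie (no expiration set)."""
    if "max-age" in attrs:  # browsers give Max-Age precedence over Expires
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 86400
    return None

def audit(header, now):
    """Classify a cookie by the types listed above and report weak settings."""
    name, _, attrs = parse_set_cookie(header)
    days = lifetime_days(attrs, now)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by client-side scripts")
    if days is not None and days > MAX_DAYS:
        findings.append(f"lifetime of {days:.0f} days exceeds {MAX_DAYS}")
    return {"name": name, "kind": "session" if days is None else "persistent",
            "findings": findings}

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(audit(h, datetime.now(timezone.utc)))
```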