In the World Wide Web, a computer "cookie" is a small piece of data that a web server sends to an Internet user's computer along with the requested web page. The web browser is supposed to save the cookie and send it together with all future requests to the same server (or group of servers). Although there are privacy and security concerns that cause some Internet users to block cookies, there is no danger that cookies will damage data on a user's computer or server; cookies cannot contain viruses since they are not executable files.
When a user clicks on a hyperlink, the browser sends a request to the web server specified in the Uniform Resource Locator (URL) underlying the hyperlink. The formal syntax for such requests and the corresponding answer (response) is regulated by the Hypertext Transfer Protocol (HTTP) . For performance reasons, HTTP was designed to be "stateless"— which means that each request is treated in isolation. After a web server answers a request, the connection between the browser and the server is closed within seconds. The HTTP protocol has no notion of a session (with logon and logoff). For some Internet activity this is a serious limitation; therefore, cookies were invented by Netscape as an extension to the HTTP protocol.
What Does a Cookie Do?
Cookies identify and track users of web sites. For instance, in an online shop, a user navigates through a number of pages to fill a "shopping basket." The web server tracks user activity by means of cookies. The very first time a user enters an online shop, the web server notices that no identifying cookie was received with the request for web page access. Therefore, the web server generates a new unique number and sends it in a cookie, along with the response. In future requests from that user to the same server, the browser will automatically include the cookie, which will alert the server that the user is continuing with his/her shopping session. The contents of the shopping basket are stored on the web site's server, indexed by the cookie. When the user purchases something from the shopping basket, thus identifying him or herself by name and address, that information, along with the number of the cookie, is stored on the server.
Personalized web pages also depend on cookies: Some online shops make special offers to returning customers based on their previous buying behavior or suggest new products that are similar to previous purchases. Other web sites allow their users to customize the appearance or contents of the page as it appears on their computer screen.
Advertisements on web pages are often managed by specialized agencies, rather than by the companies that operate the web servers. Such agencies can send cookies alongside the images containing the advertisement. Agencies that manage advertisements on a relatively large subset of the World Wide Web can build up quite a detailed profile of interests for users. As long as they do not know the names and addresses of the users, this might be acceptable. However, through collaboration with online shops, the information of the shop and the advertising agency can be brought together. Technically, the shop refers to images stored on the web server of the advertising agency. In the URLs referencing the images, the unique identifications of users in the shop are included. The server of the advertising agency then gets its own cookies together with the name and address information from the online shop.
Because of such possible privacy problems, web browsers allow users some options to switch cookies off. If a user so chooses, the browser will simply throw away the cookies sent by a server and will not include them in future requests. However, some online shops will not work without cookies. Other shops add the unique number to the hypertext links embedded in the pages. This works only as long as the user stays within the shop; subsequent visits appear as being from a new user.
Internet Explorer stores cookies in "C:\WINDOWS\COOKIES" or "C:\WINDOWS\Temporary Internet Files." Netscape stores cookies in a file called "cookies" or "cookies.txt." A text editor like Wordpad will show the name of the cookie, the contents of the cookie, and the domain of the originating web server plus some additional data (e.g. expiration time). The same server can define several cookies. It is possible for users to delete cookies (the browser must be closed first), but if a user returns later to a web site for which cookies have been deleted, the site's server will not recognize personalized options.
Some cookies contain passwords. This is a security risk, especially if different people have access to the same computer. In addition, the cookie and history folders on a PC give a good picture of the kind of web pages that were viewed by previous users of that PC.
see also Internet; Internet: Applications; Privacy; Security; World Wide Web.
Kristol, David M. "HTTP Cookies: Standards, Privacy, and Politics." ACM Transactions on Internet Technology 1, no. 2 (2001): 151–198.
Ladd, Eric, Jim O'Donnell, et al. Using HTML 4, XML, and Java 1.2, Platinum Edition. Indianapolis, IN: Que, 1999.
"The Cookies Page." Electronic Privacy Information Center (EPIC). <http://www.epic.org/privacy/internet/cookies/>
Kristol, D., and L. Montuilli. HTTP State Management Mechanism. October 2000. Request for Comments (RFC) 2965. <http://www.rfc-editor.org/rfc/rfc2965.text>
"Persistent Client State, HTTP Cookies" (Preliminary Specification). Netscape Support Documentation, 1999. <http://www.netscape.com/newsref/std/cookie_spec.html>
Whalen, David. "The Unofficial Cookie FAQ." Cookie Central. <http://www.cookiecentral.com/faq/>