What Are HTTP Cookies?
HTTP cookies (more commonly referred to as Web cookies, tracking cookies or just cookies) are pieces of text sent by a server to a web client (usually a browser) and then sent back from the client to the server, unchanged, every time the client accesses the same server. Cookies are used to perform HTTP authentication, to track sessions and to store specific information about users accessing the server, such as bookmarks or, in the case of online shopping, the contents of their “shopping carts”. The term “cookie” (literally “biscuit”) derives from magic cookie, a well-known concept in the UNIX environment that inspired both the idea and the name of HTTP cookies.
Since they can be used to monitor Internet browsing, cookies are discussed in connection with the right to privacy. Many countries and organizations, including the United States and the European Union, have legislated on the matter. Cookies have also been criticized for not always being able to identify the user accurately and because they can potentially be subject to attacks. There are some alternatives to cookies, but all of them come with drawbacks as well as advantages.
Cookies are often wrongly regarded as actual programs, and this generates misconceptions. In reality they are simple blocks of data, unable by themselves to take any action on your computer. In particular, they cannot be spyware or viruses. Nevertheless, cookies from some sites are classified as spyware by many anti-spyware products because they make it possible to identify the user. Modern browsers allow users to decide whether to accept cookies, but refusing them makes some features unusable. For example, shopping carts implemented using cookies do not work if cookies are refused.
Applications and privacy problems
Today the most common applications involve storing information about user behavior within the Web sites being visited. These applications have often raised concerns among privacy advocates, because a cookie can either help us navigate or spy on us. In the latter case, there are many advertising networks (which sell advertising to many different sites) that use a cookie attached to an advertising image to correlate the same user's visits to several different sites, thus building a kind of profile of the sites the user likes.
Other uses are considered acceptable because they use the cookie as a service to the user, such as recording session data to avoid the need for re-authentication on a subsequent visit (as Wikipedia does for its registered users), or keeping the contents of the “shopping cart” on e-commerce sites.
Even the most popular search engine in the world, Google, sends a cookie that stores data on searches, search keywords and user behavior.
In more detail, the different uses of cookies are:
- To fill the virtual shopping cart on commercial sites (cookies allow the user to add or remove items from the cart at any time).
- To allow a user to log in to a website.
- To customize the page based on user preferences (for example, the Google search engine allows the user to decide how many search results should be displayed per page).
- To track user paths (typically used by advertising companies to obtain information about the user's browsing, tastes and preferences. This data is used to profile the visitor so that only banner ads that may be of interest are shown).
- To manage a site: cookies are used by those who maintain a site to see how users visit it and which paths they take through the site. If a path leads to dead ends, the operator can notice this and improve site navigation.
Many modern browsers allow the user to decide when to accept cookies, but rejecting some cookies prevents the use of some sites (for example, signing in to a website like Wikipedia).
The settings can be customized to allow or block cookies permanently or for a specified period, to filter sites based on whitelists and blacklists, and to distinguish between cookies used by the server being visited and those used by links (often advertisements) to content hosted on different servers.
It should be noted that the handling of cookies depends entirely on the browser in use: in theory, this program can give you complete control over cookies and allow or reject their creation and dissemination. In practice, the currently most popular browser, Microsoft Internet Explorer, has only rudimentary cookie management, while less popular alternatives (such as Opera or Mozilla) give more control and allow the user to accept or reject cookies from specific sites. Other programs, used as proxies, allow users a greater degree of control over what happens.
Tor or proxy servers do not remove the IP address; their effect is to make it appear different from that of one's own computer. As far as discovery of the IP address is concerned, these tools impose no limitation on the number of sites that can be browsed.
Cookie – Specifications
A cookie is an additional header in an HTTP request (Cookie:) or response (Set-Cookie:): if the server wants to assign a cookie to the client, it adds it among the response headers. The client must note the presence of the cookie and store it in a designated area (typically, a directory where each cookie is stored in a file). A cookie consists of a string of arbitrary text, an expiration date (after which it should no longer be considered valid) and a pattern to recognize the domains to which it refers. Multiple cookies can be set in a single HTTP response.
The browser passes the cookie back, unmodified, attached to all HTTP requests that match the pattern, until the expiration date. The server can then choose to assign the cookie again, overwriting the old one. Sending the cookie back according to a pattern allows all subdomains of a given domain to receive it, if so desired.
Cookies are used to add state to a stateless protocol. Without cookies, there would be no difference between the login page loaded for the first time and the same page loaded after logging in.
Given that cookies remain in the system for long periods, sites can give you a list and keep track of your navigation on the site, usually for the purpose of creating statistics.
Cookies can also be used to track browsing across other sites, where those third-party sites use content from the site that set the cookie. Usually, advertising on sites is managed by companies that place advertisements on several websites. The advertising content itself is loaded directly from their server (via an HTTP request) and displayed embedded in the site that you are visiting. In this way, the advertising company's server receives from the user's browser the address of the page being viewed, and may send a cookie to the client. Through this mechanism, advertising companies can create custom profiles for users and show them targeted advertisements.
Contrary to popular belief, a cookie is not a small text file: it can be stored in a text file, but not necessarily. A cookie can usually have six attributes:
- Name/value: a variable, and a required field.
- Domain: specifies the domain of origin of the cookie.
- Expiration (expiration date): an optional attribute that determines the expiration date of the cookie. It can be expressed as a date, as a maximum number of days, as Now (which implies that the cookie is deleted from your computer immediately, because it expires as soon as it is created) or as Never (which implies that the cookie is not subject to expiration; such cookies are called persistent).
- Path: specifies the location from which the cookie is sent to the end user.
- Secure: indicates whether the cookie should be transmitted encrypted over HTTPS.
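The following is an added example, not part of the original text: it parses a constructed Set-Cookie value into the attributes listed above and applies the domain pattern, path, expiration and Secure checks a client makes before sending the cookie back. The function names and the sample header are assumptions, and the default path of "/" is a simplification.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample header value, for illustration only.
SAMPLE = ("cart=book42; Domain=example.com; Path=/shop; "
          "Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure")

def parse_set_cookie(header_value):
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure carry no value; record them as True.
        attrs[key.strip().lower()] = val.strip() or True
    return name, value, attrs

def should_send(attrs, origin_host, scheme, host, path, now):
    """Decide whether the client attaches the cookie to a given request."""
    if attrs.get("secure") and scheme != "https":
        return False                      # Secure cookies travel only over HTTPS
    if "expires" in attrs and parsedate_to_datetime(attrs["expires"]) <= now:
        return False                      # past the expiration date
    domain = attrs.get("domain")
    if domain:
        domain = domain.lstrip(".").lower()
        # The pattern matches the domain itself and any of its subdomains.
        if host != domain and not host.endswith("." + domain):
            return False
    elif host != origin_host:
        return False                      # no Domain: only the setting host
    cookie_path = attrs.get("path", "/")
    # Match on whole path segments, so "/shop" does not cover "/shopping".
    return path == cookie_path or (
        path.startswith(cookie_path)
        and (cookie_path.endswith("/") or path[len(cookie_path)] == "/"))

if __name__ == "__main__":
    name, value, attrs = parse_set_cookie(SAMPLE)
    now = datetime(2030, 1, 1, tzinfo=timezone.utc)
    for scheme, host, path in [("https", "shop.example.com", "/shop/basket"),
                               ("http", "shop.example.com", "/shop/basket"),
                               ("https", "badexample.com", "/shop"),
                               ("https", "example.com", "/shopping")]:
        sent = should_send(attrs, "www.example.com", scheme, host, path, now)
        print(f"{scheme}://{host}{path} -> {'send' if sent else 'withhold'} {name}")
```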
Manipulations on cookies
One form of cookie manipulation is cookie poisoning. It consists of modifying the contents of a cookie (for example, personal information stored on the user's computer) with the intent of circumventing security mechanisms. Through this technique an attacker can obtain a user's private information without authorization and steal the user's identity. Cookies stored on your computer contain sufficient information to allow applications to authenticate the user's identity, monitor behavior, customize the content of a site, and so on. These data are usually encrypted, but the algorithms are not always secure, so a user with malicious intent could steal our data and use or modify it. According to the Open Web Application Security Project (OWASP), cookie manipulation, as it is commonly called, is one of 20 attacks used by hackers, especially in e-commerce systems, where cookies are used to identify you.
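As a defensive illustration of the point above (an added example, not part of the original text): a server can attach a keyed HMAC to each cookie value so that any modification made on the client is detected when the cookie comes back. The key, the function names and the sample cart value are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac

# Assumption: a secret known only to the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key-not-for-production"

def sign_cookie(value, key=SECRET_KEY):
    """Return 'payload.tag', where tag is HMAC-SHA256 over the payload."""
    payload = base64.urlsafe_b64encode(value.encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"

def verify_cookie(cookie, key=SECRET_KEY):
    """Return the original value, or None if the cookie was altered."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None                       # malformed: no tag present
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return base64.urlsafe_b64decode(payload.encode()).decode()

def tamper(cookie, new_value):
    """Simulate a client-side edit: new payload, old tag left in place."""
    _, _, tag = cookie.rpartition(".")
    forged = base64.urlsafe_b64encode(new_value.encode()).decode()
    return f"{forged}.{tag}"

if __name__ == "__main__":
    issued = sign_cookie("user=alice;cart_total=120.00")   # constructed value
    print("untouched:", verify_cookie(issued))
    print("poisoned :", verify_cookie(tamper(issued, "user=alice;cart_total=1.00")))
```

The signature protects integrity only; the value is still readable by the client, so anything confidential should stay on the server and be referenced by an identifier.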
Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.