Cookies: A Basic Form of Data Persistence

Plus they’re delicious with milk…

Nicolai Safai
Sep 7, 2018 · 6 min read

There are a lot of misconceptions about how cookies work, and I hope that this article can help clarify what cookies are, how they work and how they are commonly used today.

Disclaimer: I’m not an expert on the subject, and I welcome constructive criticism.


Why Cookies Were Invented

The Internet was originally designed to be anonymous. In other words, websites did not know who a visitor was. For example, if the same person visited 2 days in a row, the website wouldn’t know whether (A) 2 different people accessed the website, or (B) the same person visited twice.

Anonymity sounds pretty good, right? Yes, anonymity is an attractive proposition in many ways, but it can be pretty inconvenient. Imagine the following scenario:

Scenario: You go to a grocery website and you add 30–40 groceries you need. You get up to go to the bathroom, and when you come back to your computer, you discover that your roommate closed the grocery website. You frantically go back to the grocery website, and to your chagrin, you discover that hours of carefully selected groceries were lost. The website has no idea that you’re the same visitor that added those 30–40 items. You have to start over from the beginning.

How one feels after losing hours of progress

In the early 1990s, many ideas were circulating on how to fix this. One of the most popular proposals at the time was to add a unique identifier to each web browser so that a website could track and identify each user. The downside of this proposal is that a user’s unique identifier could be used to track that user across the entire web, posing serious privacy concerns.

In 1994, Netscape launched a web browser. Within a year, 90% of Internet users were using Netscape as their browser.

Cookies were invented when Netscape wanted to add a shopping cart for an e-commerce website they were building. They wanted the shopping cart to remember what you put into it even if you hadn’t created a website account yet. Musing thought: Was this the beginning of conversion optimizations?


How Do Cookies Work?

You visit a website and your browser starts requesting all the files that constitute the website.

So your browser asks the server, “Can I have sleepy-cat.gif?” and the server is like, “Yeah, here you go oh and take this [cookie] and bring it with you when you come back for more files. So I know it’s you.”

Your browser says “kthxbye” and then returns a nanosecond later: “Hi can I have invisible-bike-cat.jpg? Oh and here, I have this [cookie].” And then the server goes, “Oh it’s you.”
— Rob Flaherty

Well, unlike a browser identifier, cookies were designed to only identify you to the same website that gave you cookies in the first place.

For example, if you go to twitter.com, twitter.com’s server will give you some cookies to recognize you next time. The cookie file might look like this:

UserID       A9A3BECE0563982D        www.twitter.com

If you, later, go to giphy.com, your browser will get a new, different cookie that might look like this:

UserID         1179203810            www.giphy.com

Cookies were designed to be sent only to the domain that set them in the first place. So, your browser will not send the twitter.com cookie to giphy.com, or vice versa.
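The scoping rule above, as an added example that is not code from the original article: a simplified browser cookie jar modelled on RFC 6265 domain matching. It goes slightly beyond the text by also handling the `Domain` attribute, which lets a server share a cookie with its own subdomains but never with an unrelated site; the `UserID=0000` value is constructed.

```javascript
// Added example: simplified cookie scoping modelled on RFC 6265.
// Path, Secure, expiry and public-suffix checks are left out.

// Domain-match: same host, or host is a subdomain of `domain`.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() {
    this.cookies = [];
  }

  // Record a Set-Cookie header from a response served by `host`.
  // Returns false when the cookie is rejected.
  store(host, setCookie) {
    host = host.toLowerCase();
    const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false;
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain: host, hostOnly: true };
    for (const attr of attrs) {
      const [key, val = ""] = attr.split("=").map((s) => s.trim());
      if (key.toLowerCase() !== "domain" || val === "") continue;
      const domain = val.replace(/^\./, "").toLowerCase();
      // A server can only widen the scope to its own parent domain.
      if (!domainMatches(host, domain)) return false;
      cookie.domain = domain;
      cookie.hostOnly = false;
    }
    this.cookies = this.cookies.filter((c) => c.name !== cookie.name || c.domain !== cookie.domain);
    this.cookies.push(cookie);
    return true;
  }

  // Cookie request header the browser would send to `host` ("" if none).
  headerFor(host) {
    host = host.toLowerCase();
    return this.cookies
      .filter((c) => (c.hostOnly ? c.domain === host : domainMatches(host, c.domain)))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Demo with the two cookies from the article plus one constructed attempt.
const demoJar = new CookieJar();
demoJar.store("www.twitter.com", "UserID=A9A3BECE0563982D");
demoJar.store("www.giphy.com", "UserID=1179203810");
console.log(demoJar.store("www.giphy.com", "UserID=0000; Domain=twitter.com"));
console.log(demoJar.headerFor("www.giphy.com"));
```
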


Common Use Cases

  • Authentication: Users don’t want to type in their credentials every time they visit a website. Some websites allow users to store an authentication token in their cookies using the “Remember me” checkbox.
  • Content personalization: Websites will look at persistent cookies to personalize recommendations on their own website, like Amazon.com.
  • A/B tests: Websites can show two different versions of a website to different users by random selection to test out different designs and see how they affect user behavior. Cookies allow these websites to show unauthenticated users the same version of the website throughout their visits (to reduce confusion) as long as cookies aren’t cleared.
  • Auto-fill: Websites can autofill forms for you with information that you’ve already given them on another page on their website.
  • Ad personalization: When websites share data such as cookies, ads can become more relevant by personalizing them based on your browsing history. For example, if you search for “Solar panel” on Amazon.com, Amazon.com might add that search term to your cookie and then authorize Facebook.com to show you Amazon.com solar panel ads.

Third Party Cookies — An Unforeseen Problem

How Lou Montulli (inventor of cookies) must have felt when third-party cookies became mainstream

The creator of cookies, Lou Montulli, specifically designed cookies to prevent tracking users’ activity across the web. And yet, they are widely used to do exactly that. How did that happen?

Lou Montulli admits he missed the loophole that advertisers are using and explains how it works:

A problem that I missed during the Cookie design phase was an interaction between cookies and embedded content within a webpage.

Webpages […] contain references to other resources [like images, videos, etc.] that are loaded to display the site that the user sees. […]

This referencing technique is one of the things that make the Web so amazingly powerful. When Web Cookies are combined with embedded references that point to other websites they are called “3rd party cookies” and they represent a new way in which users can be tracked across multiple web sites.
— Lou Montulli, in his blog The Irregular musing of Lou Montulli

This sort of data sharing is a particularly controversial topic nowadays given (1) the recent Facebook data leak and (2) how a foreign government used personalized ads to influence the 2016 US Presidential election.


How Have Cookies Evolved?

Cookies have not changed a lot since they were invented 24 years ago. The biggest changes are how users can view and control cookies.

Nowadays, users can disable 3rd party tracking cookies. For example, in Chrome, you can go to chrome://settings/content/cookies and then check the box that says “Block third party cookies”.
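The embedded-content interaction Lou Montulli describes, and the effect of the “Block third party cookies” setting, as an added example that is not code from the original article. The hosts `tracker.example`, `shop.example` and `news.example` are hypothetical, and the model compares whole host names where real browsers compare sites.

```javascript
// Added example: constructed model of a page embedding a third-party image.
// tracker.example, shop.example and news.example are hypothetical hosts.

const TRACKER = "tracker.example";

// The embedded third party: issues an ID on first contact and records
// the page (Referer) from which each request for its image came.
function makeTracker() {
  const log = new Map(); // visitor ID -> pages seen
  let next = 1;
  return {
    log,
    handle(cookie, referer) {
      const id = cookie || `v${next++}`;
      if (!log.has(id)) log.set(id, []);
      log.get(id).push(referer);
      return cookie ? null : id; // value for Set-Cookie, if any
    },
  };
}

// A browser loading pages that embed an image hosted on TRACKER.
function makeBrowser(tracker, { blockThirdParty }) {
  const jar = new Map(); // host -> cookie value (host-only scoping)
  return {
    visit(pageHost) {
      const thirdParty = pageHost !== TRACKER;
      const allowed = !(thirdParty && blockThirdParty);
      // Cookies are chosen by the host being requested, not by the page,
      // so the same tracker cookie goes out from every embedding site.
      const sent = allowed ? jar.get(TRACKER) || "" : "";
      const setCookie = tracker.handle(sent, `https://${pageHost}/`);
      if (setCookie && allowed) jar.set(TRACKER, setCookie);
    },
  };
}

// Returns how the tracker's log groups one person's visits to two sites.
function simulate(blockThirdParty) {
  const tracker = makeTracker();
  const browser = makeBrowser(tracker, { blockThirdParty });
  browser.visit("shop.example");
  browser.visit("news.example");
  return [...tracker.log.values()];
}

console.log(simulate(false)); // both sites filed under one visitor ID
console.log(simulate(true)); // each request looks like a new visitor
```
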


Are Cookies Going to Be Replaced?

Probably not. Cookies seem pretty essential to the Internet. If we replaced cookies, that would be a huge headache for web developers and probably a fruitless endeavor, since something else would crop up to accomplish advertisers’ goals.

A more likely scenario is that a combination of government policy and public pressure will keep pushing data privacy laws along and cookies will evolve to better protect user privacy.


About the Author:

My name is Nicolai and I’m currently a full-time student at Make School studying Web Development. I’ve been exposed to cookies in multiple different contexts. For example, as Make School’s former Head of Marketing, we used cookies to (1) run targeted ads, (2) run A/B tests, and (3) learn about user behavior in analytics tools like Mixpanel. Later, as Make School’s Head of Product, our Engineering team and I used cookies to (4) keep users logged in, (5) maintain progress through online tutorials before a user logs in, and (6) store referral and discount data. More recently, I’ve been learning about Data persistence in Make School’s BEW (Back End Web) curriculum.

Make School

A collection on technology, startups, and the future of education.
