Clearing Concepts on Cookies!

Rhythm Bhetwal
Published in The Zerone
Jan 2, 2023 (5 min read)

You may have come across the word ‘cookies’ a million times while surfing the internet. It usually pops up on your screen whenever you enter a website. You might be confusing these with the cookies you eat with a sip of your morning coffee, but the ‘cookies’ I am talking about here are web cookies.

By Elizabeth StoyCheff in The Hans India

Recalling History:

Cookies were developed in 1994 AD by Netscape Organization, the same organization that discovered the browser. They were made to optimize the server’s storage. Through cookies, every user’s information could be saved on their own device rather than on servers; hence the server had less work and money could be saved.

How do cookies work?

Suppose you open your favorite online shopping website to order something for yourself. The website asks you to log in with your username and password. When you enter your login credentials, they are authenticated by the server against the database. The server exchanges your login credentials for a particular ID called a ‘session ID’ that gives your device full access to the website. When you log out of the website, the server invalidates the ‘session ID,’ so you no longer have the rights of a logged-in user.

The session is generated by the server and is stored in the databases. You, as a client, only receive the session ID in exchange for your credentials. The ‘session ID’ is a randomly generated sequence of characters and numbers that is hard to guess. This ‘session ID’ is transferred from the server’s database to the browser through cookies. The above is a real-life example of cookie-based authentication.

Cookies are a medium for transferring the session ID, or simply a medium of communication between the browser (client) and the server. With each request, the browser sends cookies to the server. Technically, cookies are set using HTTP (Hypertext Transfer Protocol) headers. HTTP is a protocol that ensures that both the browser and server can understand each other.
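The login, request and logout steps described above, as an added Node.js example that is not part of the original article. The user table, the cookie name `sid` and the 30-minute lifetime are assumptions; Max-Age, HttpOnly and SameSite are standard cookie attributes beyond the ones this article lists.

```javascript
// Added example (not from the article): cookie-based session authentication.
const { randomBytes } = require('crypto');

// Constructed demo data. A real server stores password hashes, never plaintext.
const USERS = new Map([['alice', 'correct horse battery']]);
const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed 30-minute session lifetime
const sessions = new Map();             // server-side store: session ID -> session

// Login: verify credentials, create the session, return the Set-Cookie header value.
function login(user, password, now = Date.now()) {
  if (!USERS.has(user) || USERS.get(user) !== password) return null;
  const sid = randomBytes(32).toString('hex');  // 256 random bits: hard to guess
  sessions.set(sid, { user, expiresAt: now + SESSION_TTL_MS });
  return `sid=${sid}; Path=/; Max-Age=${SESSION_TTL_MS / 1000}; Secure; HttpOnly; SameSite=Lax`;
}

// The browser returns only name=value pairs in its Cookie request header.
function parseCookieHeader(header = '') {
  const jar = new Map();
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Each request: map the session ID back to a user; unknown or expired IDs get nothing.
function currentUser(cookieHeader, now = Date.now()) {
  const sid = parseCookieHeader(cookieHeader).get('sid');
  const session = sessions.get(sid);
  if (!session) return null;
  if (now >= session.expiresAt) { sessions.delete(sid); return null; }
  return session.user;
}

// Logout: delete the server-side session and tell the browser to drop the cookie.
function logout(cookieHeader) {
  sessions.delete(parseCookieHeader(cookieHeader).get('sid'));
  return 'sid=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax';
}

// Simulated browser: keep the name=value part of Set-Cookie and send it back.
const toCookieHeader = (setCookie) => setCookie.split(';')[0];

const demoCookie = toCookieHeader(login('alice', 'correct horse battery'));
console.log(currentUser(demoCookie));  // alice
logout(demoCookie);
console.log(currentUser(demoCookie));  // null
```

The cookie carries only the random ID; the user record and the expiry stay on the server, which is why deleting the session there ends access even if the browser keeps the cookie.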

By Nattaya Makerd in Dreamstime.com

What exactly are cookies?

Cookies are files stored in the browser’s cache memory that keep user data. They help the user interact with the website according to their preferences, and the website remembers and uses the user’s information for this purpose. Cookies are used to track, personalize and save the report. They help in recording and maintaining the user session.

Understand cookies better:

You can think of a ‘cookie’ as a library membership card. The library card holds a unique ID that is used to check whether your membership is still valid, and then a book is granted to you. You can take the library card as the cookie and the unique ID as the ‘session ID.’ As your library card is helpful in the library but not in a bank, the same goes for cookies and session IDs. We can’t use a cookie carrying one website’s session ID on another website. When your library membership expires, you are no longer able to access the books from the library. Likewise, when your session ID expires, you can no longer enjoy the authority of a logged-in user.

As you can’t use your library card to visit the amusement park, likewise, cookies used on one website are not accessible on the other website.

By dmpgteam.com

Types of cookies

There are many types of cookies used on a website.

  • Session Cookies: These cookies store the user’s information while they are on the website and delete it after the user exits.
  • Permanent (Persistent) Cookies: These cookies store the user’s information even after the user exits the website. They remember details such as ID, password, phone number and email that the user enters repeatedly.
  • First-Party Cookies: The website creates these cookies for a better user experience. They collect user preference data and use it to provide comfort while using the website.
  • Third-Party Cookies: These cookies are implanted by a third party (neither the website nor the client) to research the user’s behavior on the website. They study the user’s demographics and spending habits and keep track of each step we perform on the website. This type of information is sold to advertisers. These cookies may be a gateway for hackers to receive your information.
  • Flash Cookies: This type of cookie is not stored in the browser’s history; instead it is stored in Adobe File and is not even mentioned in the website’s privacy policy. It facilitates cross-browser tracking and permanently remains on the user’s device. These cookies can respawn even if deleted and are named ‘zombie cookies.’
By Paulius Ilevicius in NordVPN

Setting Cookies on a Website:

Cookies are placed on a website with the help of JavaScript. Libraries like Cookie Parser and JavaScript Cookies can help developers work extensively with cookies.

Cookies are generally stored in the form of name=value pairs. We can check whether cookies are enabled in the browser using this JavaScript:

console.log(navigator.cookieEnabled);

If it prints true in the console, you have cookies enabled.

We set the cookies generally by:

document.cookie = "first=square";

Cookies can have some set of attributes such as:

  • expires: it sets a date until which cookie remains valid
  • domain: it specifies the domain for which the cookie is valid
  • path: it identifies the URL path for which the cookie remains valid.
  • Secure: it submits the cookie only in HTTPS requests.

Syntax:

document.cookie = "click=true; expires=Sun, 01 Jan 2023 00:00:00 GMT; domain=mozilla.org; path=/about; Secure";

By TutorialsTonight

Are cookies dangerous?

Cookies are not a source of computer viruses. However, this doesn’t make them harmless. A man in the middle can perform many cyberattacks through the use of cookies. As cookies store users’ valuable information regarding behavior and demographics, they can enable access to your browsing sessions and allow those sessions to be tracked.

Many Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks are made over the internet with the help of cookies.
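From the defender's side, most of this exposure is decided by the attributes the server puts on the cookie. The added example below (not from the original article) audits Set-Cookie header values for a session cookie; HttpOnly and SameSite are standard attributes beyond the four listed earlier, and the sample headers are constructed.

```javascript
// Added example (not from the article): audit Set-Cookie headers for a session cookie.

// Split one Set-Cookie header value into the cookie name and its attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';');
  const eq = pair.indexOf('=');
  const attrs = new Map();
  for (const item of rest) {
    const i = item.indexOf('=');
    const key = (i < 0 ? item : item.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i < 0 ? '' : item.slice(i + 1).trim());
  }
  return { name: eq < 0 ? '' : pair.slice(0, eq).trim(), attrs };
}

// Return each attribute that is missing or too weak, with the exposure it leaves.
function auditSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has('secure')) {
    findings.push({ attr: 'Secure', risk: 'sent over plain HTTP, where a man in the middle can read it' });
  }
  if (!attrs.has('httponly')) {
    findings.push({ attr: 'HttpOnly', risk: 'readable through document.cookie by script injected via XSS' });
  }
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    findings.push({ attr: 'SameSite', risk: 'may accompany cross-site requests, which CSRF relies on' });
  }
  return { name, findings };
}

// Constructed sample headers, not captured from any real site.
const SAMPLE_HEADERS = [
  'sid=3f9a; Path=/',
  'click=true; Expires=Sun, 01 Jan 2023 00:00:00 GMT; Domain=mozilla.org; Path=/about; Secure',
  'sid=3f9a; Path=/; Secure; HttpOnly; SameSite=Strict',
];

for (const header of SAMPLE_HEADERS) {
  const { name, findings } = auditSessionCookie(header);
  console.log(name, findings.length ? 'check: ' + findings.map((f) => f.attr).join(', ') : 'ok');
}
```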

As cookies are optional, we can limit the harm caused by cookies on our devices. Those who value their privacy rather than user experience can remove cookies on settings > privacy. You can clear up your cookies info to mitigate the risks of session hijacking and poisoning through cookies. There are even some browser extensions available for blocking such cookies.

So, the next time you see the annoying cookie banners on your screen, take your time before you click on ‘Agree’ or ‘Accept.’ Look at what cookies the website wants to store in your browser and for what purpose. Don’t let your digital footprints be embedded in cookies.
