HTTP Cookies Explained
Andrew Nielsen August 25, 2006
Andrew Nielsen is a consultant and internet veteran who has spent the
last many years helping internet companies become more profitable.
Andrew is currently also helping business start-ups and individuals make money online. Visit http://www.i-want-to-be-rich.com/
An HTTP cookie is a small piece of data. This data is sent by a web
server when a user loads a page and then sent back unchanged to the
server every time the user accesses the server. The purpose of this is
to allow the server to identify the individual users requesting web
pages from the server.
Cookies were invented to allow web servers to track and maintain
information about the contents of users’ electronic shopping carts.
Cookies allowed the server to uniquely identify which user was adding
or removing items from a shopping cart and thereby to keep track of
individual shopping carts. Without cookies, each interaction with the
web server had to be treated as a separate event, and there was no
obvious or accurate connection to a user’s previous actions.
Today, cookies are also used to keep track of user site preferences
and user behavior across multiple websites. The latter is used
primarily for advertising and involves tracking the user across
multiple websites and thereby targeting ads to the user. Even when a
user visits different websites served by different web servers, there
may be ads on such websites which are served from one server. This way,
the server providing the ads will be able to track the user. A cookie
can contain any (small) amount of data and will most often contain a
string randomly generated by the server. There is thus no personal
information stored in the cookie itself. The server may however store
personal information and user preferences if the user types these in on
the website. The cookie then allows the server to associate the
information stored in the server with the user, when the user visits
the website and the cookie is sent by the browser to the server.
Most browsers allow the user to decide if he or she will accept a
cookie from a web server. If the user declines, this disables the
functionality on the website utilizing cookies. If a website has
implemented an electronic shopping cart using cookies, it will thus not
be possible for the user to make a purchase without accepting the
cookie.
Cookies may have an expiration date, in which case the browser will
not send the cookie to the server after expiration. Some cookies are
defined as non-persistent, in which case they are deleted when the
browser is closed. Also, users may manually delete all or selected
cookies.
While the data in the cookie itself is not personal and a server can
only acquire personal information if the user explicitly discloses it,
cookies are seen as a cause for concern over data privacy. The main
reason for this is the tracking of user behavior over multiple
websites. For this reason, cookies have been subject to legislation in
the United States, the United Kingdom and other countries.
There are other areas of concern. If multiple users use the same
computer, user profile and browser, they will appear as one user to the
web server. Also, cookies may be stolen or tampered with, and an
attacker may listen to the connection between a server and user and
thereby snoop the cookie.
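
The sketch below is an added example, not code from the original article. It shows a server issuing the randomly generated identifier described above, keeping the user's data on the server side, and enforcing expiry. The cookie name `sid`, the 30-minute lifetime and the in-memory store are assumptions; `Secure`, `HttpOnly` and `SameSite` are standard cookie attributes that limit snooping and theft.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; constructed value for this example
_sessions = {}      # server-side store: session id -> (user data, expiry time)


def issue_session(user_data, now=None):
    """Create a random session id and return the Set-Cookie header value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # unguessable, carries no personal data
    _sessions[sid] = (user_data, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["max-age"] = SESSION_TTL
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True     # only sent over HTTPS (limits snooping)
    cookie["sid"]["httponly"] = True   # hidden from page scripts (limits theft)
    cookie["sid"]["samesite"] = "Lax"  # withheld on most cross-site requests
    return cookie["sid"].OutputString()


def lookup_session(cookie_header, now=None):
    """Return the stored user data for a Cookie request header, or None."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" not in cookie:
        return None
    sid = cookie["sid"].value
    entry = _sessions.get(sid)
    if entry is None:
        return None        # unknown or altered identifier
    user_data, expires = entry
    if now >= expires:
        del _sessions[sid]  # enforce expiry on the server, not only in the browser
        return None
    return user_data
```

Because the identifier is only a lookup key, an altered value matches no stored session, and the server rejects an expired session even if a client keeps sending the cookie.
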
There are alternatives to using cookies, each with their own
drawbacks. One alternative involves tracking the user by the IP address
from which the server receives the request for a webpage. This is
inaccurate as multiple users may share the same IP address or proxy
server. Other alternatives include HTTP authentication and embedding of
information into URLs.
In this article we described what cookies are and what they may be
used for. We have seen why they are a cause for concern over data
privacy and we have touched on the subject of alternatives.