HTTP Cookies

5 September 2024

What is a cookie?

Cookies are persistent key-value data objects stored in the browser. They were invented by early Netscape programmer Lou Montulli.


What is the purpose?

HTTP requests are a stateless medium of exchange between a client and a server. Cookies are simply plain text files stored in the browser to save and track information related to the user. They are used in the HTTP Request/Response objects during client and server communications. The creation of cookies gives businesses and developers greater control over the end user's online experience.


What is the benefit?

Lou Montulli once said that using the internet was like "talking to someone with Alzheimer's disease", referring to the lost state of online sessions. For example, when I use amazon.com, I am able to add items to my cart and they remain there forever until I choose to remove them. This feature is thanks to browser cookies. These days there are a variety of storage options within the browser with different purposes, such as local storage, session storage, or IndexedDB. Cookies are unique because they can be packaged inside the HTTP Request/Response objects which touch the server.


Any security vulnerabilities?

Beware of evil hackers. Websites typically ask the user to accept their cookies. Hackers may attempt to intercept your session's cookies in order to compromise your data using techniques such as cross-site scripting (XSS) and cross-site request forgery (CSRF). So be alert when clicking links.


Is it hindering my privacy?

Third-party cookies raise privacy concerns. In the Chrome browser, third-party sites inject cookies into your browser to track your behavior so they can show you personalized ads. Safari and Mozilla don't allow third-party cookies. Google recently announced that Chrome will be removing third-party cookies from its default settings by 2025. Ads are a large part of Google's business, so they are still unsure of how to handle this new consumer demand.