The Purpose And Types Of Cookies Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Cookies are the key way for web applications to authenticate HTTP (Hypertext Transfer Protocol) requests and to maintain client states. HTTP works in a request-response fashion. First, a client sends a request to a server. Next, the server processes the request and sends back a response to the client. Then, the connection between the client and the server is dropped and forgotten. The HTTP server treats each request independently (stateless), meaning that once the server has sent a page to the browser requesting it, the server does not remember anything about the request. Therefore, if a user were to return to the page again, the server will consider it to be the users first time. This can become annoying because the server cannot remember if the user initially identified themself when they want to re-access a page.

According to Netscape, cookies are "a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection" (Kyrnin Magic). In simple words, a cookie is a very small piece of text information that is stored on the user's hard drive by their web browser. When a server needs to remember information for a client, the server creates a cookie that contains the information and sends the cookie to the client. The client then stores the cookie either in memory or on a hard disk. The client later attaches the cookie to every following request to the server.

A cookie can be used for authentication, shopping cart contents, storing site preferences, the identifier for a server-based session, or anything else that can be accomplished through storing text data (HTTP).  Cookies may be set by the server with or without an expiration date. Cookies with an expiration date are stored by the browser until the expiration date passes and cookies without an expiration date exist until the browser closes.

Each cookie has a domain and a path. The purpose of the domain is to allow cookies to cross sub-domains. The domain tells the browser to which domain the cookie should be sent. If the domain is not defined by the user, the domain of the requested page is set by default for the cookie (JavaScript). The path gives the user the opportunity to state the directory where the cookie is active. Usually the path is set to "/", which means the cookie is valid throughout the entire domain (JavaScript).

History of cookies

Cookies were originally invented by Netscape to give 'memory' to Web servers and browsers (JavaScript). Web cookies were created by computer programmer Lou Montulli when he had the idea of using regular cookies in Web communication in June 1994 (HTTP). The word "cookie" comes from "magic cookie," a computer science term for a piece of information shared between co-operating pieces of software (DOI).

Types of Cookies

There are two main types of cookies called session (temporary) and persistent (permanent). Session cookies are used as communication between webpage's and are stored in the computer's memory for the duration of a users' browsing session, after which are deleted when the browser is closed. Unlike session cookies, persistent cookies are not deleted when the browser is closed. A persistent cookie retains a users' information for a particular website in order to be used again in the future. They will remain on the hard drive until the limited space for cookies are full or the time stamp on the cookie expires (Kyrnin Magic).

First-party cookies are created by the Web site the user visits and are necessary to keep track of their personal preferences. Third-party cookies are created by a Web site other than the one the user is currently visiting i.e. advertisements. The purpose of third-party cookies is usually to track the users surfing habits, which is why they are considered an invasion of privacy (Magic). The standards for cookies, RFC 2109 and RFC 2965, specify that browsers should protect user privacy and not allow third-party cookies by default. However, most browsers, such as Mozilla Firefox, Internet Explorer, Opera, and Google Chrome do allow third-party cookies by default, as long as the third-party website has Compact Privacy Policy published (HTTP).

A Web browser can be configured so that only first-party cookies coming from the originating site are maintained. It can also be set to prevent all cookies from being stored in your computer, but that severely limits the Web surfing experience. To change settings, look for the cookie options in your browser in the Options or Preferences menu (Magic).

Are cookies dangerous?

Cookies are not dangerous. They are small pieces of text, not computer programs and they cannot be executed. Because they are not executed, they cannot replicate themselves, nor can they be used to broadcast viruses. According to the Computer Incident Advisory Capability (CIAC) "[the] vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent" (Kyrnin Magic).

It is important to remember that a cookie can only know what the user provides it. If the user fills out a form with their name, address, and phone number, that information can be stored in an HTTP cookie on their machine.


Due to the browsers' mechanism to set and read cookies, they can be used as spyware. Anti-spyware products may warn users about some cookies because cookies can be used to track computer activity later causing possible malware (HTTP). The easiest way to secure your computer against the dangers of cookies is to get one of the latest browser versions and set the cookie settings to block all.

Depending on the browser type, the user may be alerted when a site is about to set a cookie on their hard drive. Most modern browsers now give users three options: accept all cookies, accept only cookies from the same server, or deny all cookies. Most browsers will also alert the user when they are prompted for a cookie so that the user can accept or decline it. However, this can be problematic, as most websites load dozens of cookies the first time the user visits (Kyrnin Magic).

Some websites forces the user into accepting cookies, in order for the website to function properly. Therefore, in some cases it is not wise to deny cookies completely as part of your security settings (Understanding Part3). Instead it is better to use the web browsers cookie manager. This allows the user to selectively delete the cookies currently stored in the browser. Some browsers also give the user the power to see the cookies that are active with respect to a given page by typing javascript:alert(document.cookie) in the browsers' URL field (HTTP).

Can cookies threaten a users' privacy?

Cookies are stored on the computer's hard drive; they cannot access the hard drive. Thus a cookie cannot read other information saved on the hard drive (DOI).  To protect your privacy, it is helpful for the user to constantly delete cookies. However, in some Web browsers such as Internet Explorer and MSN, even if you delete cookies manually, the cookies index.dat file stores Internet surfing information which cannot be deleted manually as it is used by Windows all the time (General). Using clear history software the user cannot only delete cookies in Web browsers, but also delete cookies index.dat file automatically.

Cookies make the interaction between users and web sites faster and easier. Without cookies, it would be difficult for a web site to remember the user's preferences or registration details for a future visit. Web sites use cookies mainly because they save time and make the browsing experience more efficient and enjoyable.