Cookies are files that contain small pieces of data — like a username and password — that are exchanged between a user's computer and a web server to identify specific users and improve their browsing experience.

For example, cookies let websites recognize users and recall their individual login information and preferences, such as sports news versus politics.

Shopping sites use cookies to track items users previously viewed, allowing the sites to suggest other goods they might like and keep items in shopping carts while they continue shopping.

Cookies are created when users visit a new website, and the web server sends a short stream of information to their web browsers. That cookie is only sent when the server wants the web browser to save the cookie. In that case, it will remember the string name=value and send it back to the server with each follow-on request.

If a user returns to that site in the future, the web browser returns that data to the web server in the form of a cookie.

The name "cookie" comes from "magic cookies," coined by web browser programmer Lou MOntulli. The terms refers to packets of information that are sent and received without changes. The analogy to the munchable baked good is coincidental, although appropriate.

Cookies Have Many Flavors

With a few variations, cookies in the cyber world come in two flavors: session and persistent. Session cookies are used only while navigating a website. They are stored in random access memory and are never written to the hard drive.

When the session ends, session cookies are automatically deleted. They also help the "back" button or third-party anonymizer plugins work. These plugins are designed for specific browsers to work, and help maintain user privacy.

Persistent cookies remain on a computer indefinitely, although many include an expiration date and are automatically removed when that date is reached.

Persistent cookies are used for two primary purposes:

  • Authentication: These cookies track whether a user is logged in and under what name. They also streamline login information so users don't have to remember site passwords.
  • Tracking: These cookies track multiple visits to the same site over time. Some online merchants, for example, use cookies to track visits from particular users, including the pages and products viewed. The information they gain allows them to suggest other items that might interest visitors. Gradually, a profile is built based on a user's browsing history on that site.

Beware Third-Party Cookies

Third-party cookies are more troubling. They are generated by websites that are different from the web pages users are currently surfing, usually because they're linked to ads on that page.

Visiting a site with 10 ads may generate 10 cookies, even if users never click on those ads.

Third-party cookies let advertisers or analytics companies track an individual's browsing history across the web on any sites that contain their ads. Consequently, the advertiser could determine that a user first searched for running apparel at a specific outdoor store before checking a particular sporting goods site and then a certain online sportswear boutique.

Some third-party cookies may be zombies. Zombie cookies are permanently installed on users' computers, even when they opt not to install cookies. They also reappear after they've been deleted. When zombie cookies first appeared, they were created from data stored in the Adobe Flash storage bin. They are sometimes called flash cookies and are extremely difficult to remove.

Like other third-party cookies, zombie cookies can be used by web analytics companies to track unique individuals' browsing histories. Websites may also use zombies to ban specific users.

Cookies Themselves Aren't Harmful

Because the data in cookies doesn't change, cookies themselves aren't harmful. They can't infect computers with viruses or other malware, although some cyber attacks can hijack cookies and, therefore, browsing sessions. The danger lies in their ability to track individuals' browsing histories. Such "Big Brother" type of behavior can pose a security concern.

Allowing or Removing Cookies

To streamline surfing, users can find the cookie section — typically under Settings, Privacy — and click the boxes to allow cookies. Sometimes the option says, "Allow local data." Kaspersky Lab offers step-by-step instructions for removing cookies from the most popular web browsers.

Removing normal cookies is easy, but it could make certain web sites harder to navigate. Without cookies, users may have to re-enter their data for each visit. Different browsers store cookies in different places, but the Settings, Privacy section — sometimes listed under Tools, Internet Options, or Advanced — is most common. Options are available to manage or remove cookies.

Before removing cookies, evaluate the ease of use expected from a website that uses cookies. In most cases, cookies improve the web experience, but they should be handled carefully.

Related articles:

Related products:

What Are Cookies?

Cookies are files that contain small pieces of data that are exchanged between a user's computer and a web server to identify specific users and improve their browsing experience.
Kaspersky Logo