Cookies are essentially pieces of code saved by websites onto the user’s web browser when a session is initiated. As you must know, there are different types of browser cookies and they have a lot of uses. But the most important ones are session management, user personalization, and tracking.
Cookies are not programs, they do not perform any functions. These are simple text files that can be opened using Notepad. In ad tech, cookies are used to track users across the web. For instance, if a user visits a website, then the cookies of that website will be saved on the browser. Now when the user visits the website again after a few days, the website will know it is the same user. Some cookies can track users across websites and devices.
Here are the different types of web cookies:
Ever since the E.U. voted to bring in compulsory cookie warnings in 2012, the small browser-based files have never been far from people’s minds. In fact, all types of cookies are not born equal. And as a result, there are lots of different types of browser cookies out there. Some are good, some are bad. Now let’s go through more details about this issue.
Types of Browser Cookies
1. HTTP-Only Cookies
Secure cookies are often also HTTP-only cookies. The two flags work in tandem to help to reduce a cookie’s vulnerability to a cross-site scripting (XSS) attack.
In an XSS attack, a hacker injects malicious code into trusted websites. A browser cannot tell that the script should not be trusted. Therefore, the script can access the browser’s data about the infected site, including cookies.
A secure cookie cannot be accessed by scripting languages (like JavaScript), thus protecting it against such attacks.
2. Session Cookies
Imagine trying to shop on Amazon if you couldn’t fill your cart until you were ready to check out. You’d have to remember all the items you wanted to buy as you browsed the site.
Without session cookies, that situation would be a reality.
It’s easiest to think of session cookies as a website’s short-term memory. They let sites recognize you as you move from page to page within their domain. Without the session cookies, you’d be treated as a new visitor every time you clicked on a new internal link.
Actually, they don’t collect any information about your computer, and they contain.
They do not collect any information about your computer, and they contain no personally identifiable information that can link a session to a particular user.
Session cookies are temporary; when you close your browser, your computer will automatically delete them all.
3. One of the Different Types of Browser Cookies Is “Secure Cookie”
The three types of cookies we’ve covered so far are the most well-known and the most common. But there are a few others you need to be aware of.
The first is a secure cookie. It can only be transmitted over an encrypted connection. Typically, that means HTTPS.
As long as the cookie’s “Secure” attribute is active, the user agent will not transmit the cookie over an unencrypted channel. Without the Secure flag, the cookie is sent in clear text and can be intercepted by unauthorized third-parties.
However, even with the Secure flag, developers should not use a cookie to store sensitive information. In practice, the flag only protects a cookie’s confidentiality. A network attacker could overwrite secure cookies from an insecure connection. This is especially true if a site has both an HTTP and HTTPS version.
4. First-Party Cookies
Also known as persistent cookies, permanent cookies, and stored cookies, first-party cookies are akin to a website’s long-term memory. They help sites to remember your information and settings when you revisit them in the future.
Without these cookies, sites would not be able to remember your preferences such as menu settings, themes, language selection, and internal bookmarks between sessions. With first-party cookies, you can make those selections on your first visit and they will be consistent until the cookie expires.
Most persistent cookies expire after one or two years. If you do not visit the site within the expiration time frame, your browser will delete the cookie. You can also remove them manually.
First-party cookies also play an important role in user authentication. If you were to disable them, you would need to re-enter your login credentials every time you visited a page.
On the downside, companies can use persistent cookies to track you. Unlike session cookies, they do record information about your browsing habits for the entire time that they are active.
5. Flash Cookies
A Flash cookie is the most common type of supercookie. In case you’re not aware, a supercookie performs many of the same functions as a regular cookie, but they are more difficult to find and delete.
In the case of Flash cookies, developers use the Flash plugin to hide cookies from your browser’s native cookie management tools.
Flash cookies are available to all browsers (so using one browser for your credit card and one for downloading torrents would have negligible security benefits). They can hold 100KB of data compared to an HTTP cookies’ mere 4KBb.
6. Third-Party Cookies
Third-party cookies are the bad guys. They are the reason that cookies have such a bad reputation among internet users.
Let’s take a step back. In the case of first-party cookies, a cookie’s domain will match the domain of the site you’re visiting. A third-party cookie originates from a different domain.
Because it is not coming from the site you’re looking at, a third-party cookie is not providing any of the benefits of session cookies and first-party cookies that we just discussed.
Instead, it has one sole focus—to track you. The tracking can take many forms; the cookies can learn about your browsing history, online behavior, demographics, spending habits, and more.
Because of their ability to track, third-party cookies have become a favorite of advertising networks in a bid to drive up their sales and pageviews.
Today, most browsers provide a straightforward way of blocking third-party cookies. We strongly recommend that you take the necessary steps in your browser of choice.
If you’re using Chrome, go to More > Settings > Advanced > Privacy and Security > Content Settings > Cookies > Block Third-Party Cookies.
7. “Zombie Cookie” Is One of the Different Types of Browser Cookies
A zombie cookie is closely tied to a Flash cookie. A zombie cookie can instantly recreate itself if someone deletes it. The recreation is possible thanks to backups stored outside a browser’s regular cookie storage folder—often as a Flash Local Shared Object or as HTML5 Web Storage.
The recreation relies on Quantcast technology. Because Flash cookie stores a unique user ID in Adobe Flash player’s storage bin, Quantcast can reapply it to a new HTTP cookie if the old one is removed.
8. Persistent Cookies
As the name suggests, persistent cookies stay on the user’s browser for a very long time. Generally, persistent cookies are required to have an expiration date which could be anything between a second to 10 years. Persistent cookies are used by publishers to track a single user and his/her interaction with their website. To check whether your browser has persistent cookies, try this. If you are logged in to Gmail on the browser, then close the tab(s) and restart your device. When your device turns back on, open the same browser and visit the same service or account, if you are still logged in, then you have persistent cookies saved on browser.
Browsers are making it harder to use cookies. Web browsers like Firefox and Safari are updating their products to kill these cookies as soon as users are done with the websites.
Take Control Over Your Cookies
It is note worth to realize that all cookies are not bad. Without them, the web would not be able to function in the way we have come to expect.
Nonetheless, knowing how to manage your cookies is an essential part of keeping yourself safe online. If you would like to learn how to have a private web browsing, read our article about it.
