What are computer cookies? Are they secure ?

Cookie law

What is a cookie?

A cookie is a small file which is stored on users’ computer. They are designed to hold a modest amount of data specific to a particular client and website and can be accessed either by the web server or the client computer. This allows the server to deliver a page adapted to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.

web cookie comic

 

Types of cookies

  • Session cookie

It’s designed to save your session id, exists only in temporary memory while the user navigates the website.

Web browsers normally delete session cookies when the user closes the browser.

  • Persistent cookie

A persistent cookie expires at a specific date or after a specific length of time.

The cookie’s lifespan (which can be as long or as short as its creators want).

The information will be transmitted to the server every time the user visits the website or every time the user views a resource belonging to that website from another website (such as an advertisement).

Persistent cookies are also referred to as tracking cookies because they can be used by advertisers to record information about a user’s web browsing habits over an extended period of time.

They are also used to keep users logged into their accounts on websites.

They reset if the expiration time is reached or the user manually deletes the cookie.

  • Secure cookie

A secure cookie can only be transmitted over an encrypted connection.

They cannot be transmitted over unencrypted connections.

This makes the cookie less likely to be exposed to cookie theft.

  • Supercookie

Supercookies can be a potential security concern and are therefore often blocked by web browsers.

If unblocked by the browser, an attacker in control of a malicious website could set a supercookie and potentially disrupt or impersonate legitimate user requests to another website that shares the same top-level domain or public suffix as the malicious website.

For example, a supercookie with an origin of .com could maliciously affect a request made to example.com, even if the cookie did not originate from example.com. This can be used to fake logins or change user information.

  • Zombie cookie

It’s a cookie that automatically recreates himself after being deleted.

This happens by storing the cookie’s content in multiple locations, such as Flash Local object, HTML5 Web storage, and other client-side.

When the cookie’s absence is detected, the cookie is recreated using the data stored in these locations.

Wich cookies do my website use?

There are multiple ways to find that.

We prefer to use a browser extension that tracks the cookies of your website live. It’s called EditThisCookie, and the extension is available for Google Chrome here and Opera browser here.

As soon as you install you’ll see a little cookie on your top, right corner. Click on the cookie icon and it will tell you what cookies your website use.

In the example below, we were on google.com.

edit this cookie

What all these cookies do?

There is an enormous number of cookies out there, and it’s impossible to know every single one of them.

That being said you can use a database with the definitions of the cookies to help understand the purpose of each cookie.

For example, you can visit Cookiepedia, it’s a database for cookies and has an explanation for what they do.

You can search for the desired cookie then copy the description into your website to inform the user why you’re using those cookies. Although it is a very complete database it might not have every single cookie, so if you can find there with a simple google search you’ll find the purpose of a certain cookie.

 

Find how to add cookies to your GDPR software GetComplied

Was this post helpful?