What are browser cookies and how are they used?

Home » Web » Browsers

Summary: Browser cookies are a way that web sites can leave information on your computer that they can use when you return to their site. Simple and powerful.

In a previous question What can a website I visit tell about me? I discussed the information that's made available to all websites no mater what they do. The original question included:

Can [a] site collect the following information:

- My computer name (the name I assigned to my computer)?

- Profile information???

- My browsing history (any/all sites I've visited and when) or can they just tell the number of items in my history?

- Email addresses associated with my computer?

The strict answer remains "no" to the question as posed, but in reality things aren't quite that simple.

For example, web sites can remember what you tell them, and we often tell them more than we think.

And the remembering? That's typically using something called a "browser cookie".

•

Cookies are nothing more than data a website can place on your computer that's automatically sent by your browser the next time you visit the same site.

It's called a cookie because it doesn't have to be anything specific. It could, for example, just be a flag that you've visited the site before, or perhaps a number that somehow identifies you to that site.

For example, when you visit Ask Leo! and you see the newsletter subscription pop-up, a cookie is placed on your machine that says "ask-leo.com: this person has seen the newsletter pop-up, don't show it again". The next time you visit a page on ask-leo.com from the same computer and browser that cookie is automatically sent along with your page request and the site knows not to bug you with that newsletter popup again. (By the way, if it does check out this article.)

Another example is a site where you need to login. A cookie might be used to "remember" your login name.

"A site might know your name ... but only because you told it your name the first visit."

The first time you visit such a site, you type in your login name and password, and perhaps click a button labeled "remember me". Once the login is successful, the site might put a cookie on your machine that says "username=Fred". The next time you visit that site that cookie is automatically sent with your page request, and the site "knows" that you're Fred, and pre-fills in the username field.

The most interesting example appears at first to be a little more obscure but is ultimately the most powerful for the website operator.

The first time you visit a site, you register and login. The site then places a cookie on your machine not with anything you'd recognize, but instead with some kind of unique identifier. Perhaps a retail store will place your specific customer number in a cookie on your machine. Now, when you return to that store's web site your computer automatically provides your customer number, and the web site knows that you're a returning customer. So far so good.

But the store has been collecting data about you as you've shopped and made purchases. A simple store might use your customer number to pre-load your shipping address for you when it comes time to check out. That's not stored on your computer, but on the store's computers. Since it knows who you are, by virtue of the customer number stored in a cookie (and perhaps your subsequent login - important for security, but not technically required), they can access their own database of customer information and retrieve your shipping address.

Some stores go even further - greeting you by name the moment you return before you even login, and customizing the products that they display specifically based on what they can see are your previous interests and purchase habits.

All because a single cookie they placed on your machine lets them know immediately who you are.

•

Now, before we go getting all paranoid, it's important to realize that not just anyone can see every cookie.

For example, cookies associated with "ask-leo.com" cannot be read by any other site. So yes, you might be sending more information to ask-leo.com (the information that says you've already seen my popup, for example), but that information only goes to ask-leo.com and no other.

Similarly, your customer number at http://reallybigbookstore.com/ would be stored in a cookie that's accessible only to reallybigbookstore.com and no one else.

It's also important to note that cookies only contain information that's been placed there by web sites, and thus can only contain information that the site already knows. A site might know your name, and send that in the second and subsequent visits - but only because you told it your name the first visit.

Cookies are nothing more than a way for websites to remember something - anything they choose to remember - from visit to visit.

Are you interested in what cookies are on your machine? You can check 'em yourself:

In Internet Explorer:

Click on the Tools menu
Click on the Internet Options menu item
Click on the General tab, if it's not already showing
In the section labeled "Browsing history" click on the Settings button
Click on the View files button

In the resulting view, everything that begins with "cookie:" is a cookie placed by the named site. You can view the cookies in notepad, if you like, but generally, the information within a cookie is rarely meant to be read by humans, so it might not make a lot of sense.

In FireFox:

Click on the Tools menu
Click on the Internet Options menu item
Click on the Privacy tab
Click on the Show Cookies... button

Once again, listed by site, are the cookies FireFox has collected on your computer. Firefox happens to do a better job of displaying the contents of cookies for you, though once again they still might not make a lot of sense.

•

Cookies, in and of themselves, are nothing to be concerned about. They enable a tremendous amount of functionality on the web. If you were to disable cookies completely you'd quickly find that a bunch of stuff would stop working, or become really, really inconvenient.

However.

Cookies can be used in some interesting ways to tell more about you than you might expect...

There's another layer to the whole cookie discussion that we'll investigate in What are tracking cookies and should they concern me?.

Related:

What can a website I visit tell about me? Websites can collect a fair amount of information about you. In this first step we look at what every website sees no mater what it does.
What are tracking cookies and should they concern me? Cookies are placed on your machine by websites, but often more websites than you realize. We'll review cookies and how third parties can use them.
How do I delete cookies? And just what are cookies, anyway? Deleting cookies is an easy task. Whether it's absolutely necessary or not is another matter.
Will deleting cookies free up room in my computer's memory? Deleting cookies will clear up a little disk space, and may or may not actually free up a small amount of your computer's memory.

Article 12714 | Posted September 25, 2008

•