One of the most common complaints from visitors to websites is the inability to log in. In response to complaints, webmasters are usually advised to "clear cookies". Online stores sometimes give a message about the need to enable cookies and even refuse to work without this setting. Surprised by this turn of affairs, users then turn to the omniscient search engines with a simple question: but, in fact, cookies – what is it?
Since the management of cookies in browsers is usually located in the "Confidentiality" or "Privacy" menu, and in the online press they are most often mentioned in the context of a security risk, many users have the impression that cookies are something akin to a virus, or at least a breach in protection of access to personal data. Fuel is added to the fire by not-too-skilled webmasters, who still copy articles wandering from site to site claiming that cookies store passwords, and even that they store data entered into forms. But before we debunk the myths, let’s look at what cookies really are and how they work.
What are cookies? Cookies themselves are just a small file or set of files with textual information. This file is created on the user’s computer when they visit a site that uses this technology.
Let’s look at an example. Now many resources provide for user authorization. An authorized user has more rights than an unauthorized user. For example, the right to post messages can only be granted to registered and authorized users. Or more site content is available to them. The problem is that without additional tricks, the server "does not remember" users.
In other words, by moving from the authorization page to another page, the user again turns into a regular unauthorized visitor for the server. One of the tools to avoid this is cookies. When moving from page to page, the server each time requests data from the cookie from the user’s computer. From them, he finds out exactly who is requesting the information, then determines whether this user is allowed access to the information he requested and, based on this, issues it or refuses it.
Cookies have a special role when using online stores. After all, from the choice of goods to the completion of the order is not one step. And if the buyer needs more than one product, then all the time while he walks through the virtual store, previous purchases should be stored in the basket. It is unlikely that anyone will like it if, finally choosing the second item, he finds that the first one has disappeared from the basket without a trace. An indication of which products the buyer has chosen is stored in cookies. Now it is clear why online stores are so sensitive to the fact that cookies are disabled in the browser.
So, we have already considered two of all the possible useful uses of cookies – the identification of authorized users on websites and the storage of information about purchases in online stores. But there are more ways. For example, affiliate programs are now widespread. They last for months or even years. All this time, a string of characters is stored on the user’s hard drive, which encodes all the information needed to ensure that at hour "X", i.e. when the user buys a product or service, the partner, through whose link the transition to the site seller, received his percentage.
Cookies allow you to create a comfortable working environment. This is especially true for those sites where the visitor does something, and not just reads the texts. One has only to set up the site for oneself and in the future the server, with the help of cookies, will always “recognize" the user and provide him with a familiar interface.
Cookies are widely used in hit counters, voting and rating systems. They are used so that the server can determine that this user has already followed the link or voted. In other words, cookies are responsible for preventing cheating. This protection is not very reliable, but sufficient for ordinary users.
Cookies, being plain text, cannot harm a computer in any way, especially since their number and size are limited. Cookies are just a container, a store for information. But the information itself can be anything (within the limits that the browser imposes on the size of the cookie file). And, therefore, it is important what is placed in cookies and who has access to them.
Let’s look at an example again. Perhaps the most common use of cookies is advertising. Ad networks and individual sites want to track how users view advertisements. They remember in cookies which ads the user has already watched and which has not yet; what topics are of interest to him; who needs to pay for attracting a user to the site.
If a separate site has set its cookies, then leakage of personal data is hardly possible. But if we are talking about large advertising networks, the code of which is available on almost all sites, such as Google Adwords, then the situation changes dramatically. Google has the ability to collect statistics on almost everything a person does on the Internet. And if on any of the sites the user enters his first and last name, then it becomes possible to associate all this activity with a real person.
Thus, cookies are one of the serious potential causes of privacy violations on the Web. Whether to consider the data posted about oneself valuable, whether to sacrifice the convenience that cookies provide in order to reduce the likelihood of leakage of personal data is up to the Internet user.
But other claims to cookies are the responsibility of programmers. For example, the notorious storage of passwords. Yes, since any text of a small size can be stored in cookies, both login and password can be stored there. But now only a completely “green” newcomer is capable of this, neglecting to read at least some professional sources. Any serious site stores logins and passwords in a database on the server, and in cookies it saves only a certain conditional visitor identifier, and issues this identifier for a short time, so even if a hacker manages to intercept information from cookies, it will not help him gain access to user account.
As we have seen, the use of cookies brings real benefits, but also carries some dangers. A radical way – disabling cookies in the browser, brings significant inconvenience to the use of many sites. Deleting cookies manually using the built-in browser tools is very time-consuming. Therefore, special programs have been created – cookie managers – that automate the management of cookies.
These programs allow you to delete all cookies with one click, delete individual cookies or, conversely, delete all cookies except those belonging to selected sites. It is also possible to pre-set cookies for individual sites. For example, you can allow cookies for some sites and disable them for others. You can prevent the storage of long-term cookies, i.e. cookies will work until the browser window is closed, and then deleted. It is possible to "protect" cookies for individual, most trusted and trusted sites so that they are not deleted during any operations.
Thus, with some additional effort, cookies can bring tangible benefits to the user, and at the same time not be a source of concern for the safety of confidential data.