SolutionBase: Understanding how cookies work

Cookies store bits of information about you when you visit a Web site. But what's really inside of one? In this article, Luke Swagger shows you.

In a large metal bowl cream, take 1 stick of butter with 2 cups of sugar. Ok, so we are not going to talk about chocolate chip, oatmeal, or sugar cookies. Today, we are going to discuss cookies of the technological variety. Unless you've been asleep for the last 10 years, you've probably heard the term cookies and how they're used by web sites and browsers. In this article, we'll look at what's inside of them and how they work.

What's a cookie?

A cookie is a small text file that a web site stores on your PC's hard drive. The cookie stores info about your specific visit to that site. But don't panic quite yet. Cookies are NOT programs and therefore cannot run like programs. web sites can be programmed to read data from the cookies and write information to them, but the cookies themselves don't do anything.

There are different types of cookies. A first-party cookie stores information only from the website you are on. A third-party cookie stores information for another website than the one you're currently viewing but is hosted by the first-party one. websites sometimes use third-party for advertisers.

Cookies make it easy for web designers to personalize sites. They also can be used for authentication purposes. For example, when you surf to TechRepublic, you'll notice that your name appears at the top of the site every time after you log in. That's because there's a cookie stored on your workstation that stores your TechRepublic login information. Your TechBooks information is stored in a separate cookie because the TechBooks access information comes from a third party, Books 24x7.

Cookies are a hot topic because of all of the concern about privacy and security. Many anti-spyware programs target and eliminate tracking cookies used by third parties as part of their battle against spyware. Additionally, cookies can be a security concern in an environment where you have multiple machines. For example, if you walk away from your computer, a co-worker can access your TechRepublic account by simply sitting at your machine.

Where's my cookie jar?

You can find the cookies on your system by going to the Documents And Settings folder on your Windows XP workstation. Other versions of Windows and other operating systems will store cookies in other locations, but for the purposes of this article, I'm just going to concentrate on XP. In the Documents And Settings folder, you'll see a set of user names. These are the profiles that can access your system.

Double-click a folder to open it. You'll see another set of folders. Cookies are stored in the Cookies folder. If you open that one, you'll probably be shocked to see the number of files in there. They represent cookies from all of the web sites you've ever visited, along with partner sites.

Firefox, Mozilla, Netscape, Opera, and other web browsers will store cookies in different places. Therefore, if you're using another web browser, you should become familiar with where they store their cookies if you want to clear or view them. For example, you can view and clear cookies in Firefox by clicking Tools | Options | Privacy | Cookies.

You can download special extensions for Firefox that help you gain control over cookies. To do so, just visit the Firefox Extensions web site.

What's in a cookie?

Just as edible cookies are baked according to a specific recipe, so are Internet cookies. There are certain things that are found in every Internet cookie:

  • Name: The name of the cookie
  • Value: The information the cookie is storing
  • Expiration Date: The date after which the cookie's information isn't valid
  • Path: The path on the domain where the cookie information goes
  • Domain: The name of the domain that is issuing the cookie
  • Secure connection: This setting indicates whether the browser must communicate with the site over a secure connection such as https://

If you try to edit a cookie with a text editor, you may notice that it doesn't make much sense. For example, here's a cookie off of my machine:

















Doesn't make a lot of sense to a human, but when passed to a web site, it contains a lot of information.

How do cookies work?

web sites are programmed to read and write cookies to your computer through your web browser. Using simple http protocols, the site transmits the cookie to your browser. It stays in memory as long as the browser is open and on that site. If the expiration date hasn't passed and you leave the site or close the browser, the browser writes it to disk.

The next time you visit the site, it will ask the browser to check to see if a cookie exists for the site. If it does, the browser reads it and passes the stored information to the site. If not, a new cookie is created.