HTTP cookie

Synonyms

computer cookie

A small string of information sent by a web server to a web browser that will be sent back by the browser each time it accesses that server.

Cookies were invented by Netscape to make it easier to maintain state between HTTP transactions. They can contain any arbitrary information the server chooses to put in them.

The most common use of cookies is to identify and authenticate a user who has logged in to a website, so they don't have to sign in every time they visit. Other example uses are maintaining a shopping basket of goods you have selected to purchase during a session at an online shop or site personalisation (presenting different pages to different users).

The browser limits the size of each cookie and the number each server can store. This prevents a malicious site consuming lots of disk space on the user's computer. The only information that cookies can return to the server is what that server previously sent out.

The main privacy concern is that it is not obvious when a site is using cookies or what for. Even if you don't log in or supply any personal information to a site, it can still assign you a unique identifier and store it in a "tracking cookie". This can then be used to track every page you ever visit on the site. However, since it is possible to do the same thing without cookies, the UK law requiring sites to declare their use of cookies makes little sense and has been widely ignored.

After using a shared computer, e.g. in an Internet cafe, you should remove all cookies to prevent the browser identifying the next user as you if they happen to visit the same sites.

Cookie Central.

Stupid cookie law.