Cookies are an extremely simple thing, but they are very useful for navigating the web. Website designers mostly use them because they can provide better user experience and make it easier to collect accurate information about the site's visitors. In this article, we will introduce you to the basic techniques of cookies as well as some of the features they allow.

What are cookies?

There is a definition somewhere that I have read that defines a Cookie as follows: A cookie is a program that websites place on your hard drive. They will stay in your computer and collect information about you and everything you do on the Internet, whenever the website wants, it can download all the information that the cookie has collected.

The above definition is completely wrong. The real problem here is, Cookies are not a program, they cannot run the same way programs run. Therefore, they cannot collect information about their owners. They also cannot access any personal information about you from your computer.

Here is a valid definition of a Cookie: A cookie is a piece of text that a Web server can store on a user's hard drive. Cookies allow a website to store information on a user's computer and then retrieve it. The pieces of information will be stored as name-value pairs.

For example, a website can generate a unique ID number for each visitor and store that ID number on each user's computer with a cookie file.

If you use Microsoft's Internet Explorer to browse the web, you can see all the cookies stored on your computer. The place where they usually reside is in a folder called c:\windows\cookies. When you look at that folder on your computer, you will see a lot of files. Each file is a text file containing name-value pairs and there is one file for each website that has placed a cookie on your computer.

You can see in the directory, these files are all very simple, they are regular text files. You can see which website has placed the file on your computer by looking at the filename (information is also stored inside the file). You can open each file by clicking on it.

For example, we visited, and the site placed a cookie on my computer. The cookie file for includes the following information:

  UserID AXAXBXCE0X6S9U2D has saved on my computer a name-value pair. The name of the value is UserID, and the value is AXAXBXCE0X6S9U2D. The first time I visited, the site assigned me a unique ID value and saved it on my computer.

(Note that there may be several other values ​​stored in the file. These are "butler" information for the browser.) stores more information, when looking at the cookie file Amazon created on my computer, it includes the following:

  session-id-time 954242000

  session-id 002-4135256-7625846

  x-main eKQIfwnxuF7qtmX52x6VWAXh@Ih6Uo5H

  ubid-main 077-9263437-9645324

It shows that Amazon stores a primary user ID and an ID for each session, and the time the session was started on my computer.

Most sites store only one piece of information - your user ID - on your computer. However, a site can store as many name-value pairs as it wants.

A name-value pair is simply a named piece of data. It's not a program, it can't do anything. A website can only retrieve information that it has placed on your computer. It cannot get information from other cookie files, nor can it get other information from your computer.

How is cookie data transmitted?

As you can see in the previous section, cookie data is simply name-value pairs stored by the website on your hard drive. That's all cookie data. Websites save data and then it retrieves this data. A website can only receive data that it has stored on your computer. It cannot peek into other cookies or anything on your computer.

The data is transmitted as follows:

  • If you type the URL of a certain website into the address bar, the browser will send a request to the website. For example, if you enter the URL into your browser, the browser will contact the Network Administrator's server and request its homepage.
  • When the browser does this, it will search your computer for the cookie file that the Network Administrator has set up. If it finds the Network Administrator's cookie file, the browser will send all name-value pairs in the file to the Network Administrator's server with the URL. If it doesn't find it, it won't send the cookie data.
  • Web server of the Network Administrator will receive cookie data and request for the home page. If it receives name-value pairs, the Network Administrator can use them.
  • If no name-value pairs are received, the Network Administrator knows that this is your first time accessing this website. Its server will generate a new ID for you in the Network Administrator's database and then send name-value pairs to your computer in the header for the web page it will send. Your computer will save these name-value pairs on your hard drive.
  • The web server can change name-value pairs or add new pairs whenever you visit the site and request the page.

There are many other pieces of information a server can send with name-value pairs. One of them is the expiration date expiration date. Another is the path (so the site can associate cookie values ​​with other parts of it).

You can control this process. You can set up options in your browser so that it alerts you every time a site sends name-value pairs. You can then accept or reject these values.

How do websites use cookies?

Cookies are opened because they solve a big problem for website operators. In the broadest sense, a cookie allows a site to store information about the state of your computer. This information allows a website to remember what your browser's state is. The ID is a piece of state information – if an ID exists on your computer, the site knows that you have visited it before. The status is, "Your browser has visited the site at least once" and the site knows the ID from that visit.

Websites use cookies in different ways. Here are some of the more commonly used cases:

  • The site can accurately determine the number of people visiting the site. The only way that a site can accurately count the number of visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can determine:
  • How many visitors come
  • How many new and repeat visitors.
  • How often a visitor visits the page.
  • The way a website can do this is by using a database. The first time a visitor arrives, the site generates a new ID in the database and sends the ID as a cookie. The next time this user visits again, the site can increment the count associated with the ID in the database and know the number of times the visitor visited the site.
  • The site can store user preferences to make a difference between visitors (so to speak, the website allows you to customize). For example, if you go to, it will give you the ability to change the content, appearance and colors. It also allows you to enter a zip code and can get information about the weather forecast by area. When you enter the zip code, the following name-value will be added to the MSN cookie file. WEAT CC=NC%5FRaleigh%2DDurham&REGION=
  • E-commerce sites can perform other tasks such as shopping cart and checkout options. The cookie will include an ID and allow the site to keep in touch with you when you need to add other things to your cart. Each item that you add to your cart is stored in the site's database along with your ID value. When you checkout, the site knows what's in your cart by retrieving all the necessary information from the database. Indeed it would not be possible to implement a convenient shopping mechanism without cookies or something like them.

In all of these examples, note that what the database can store is what you've selected from the site, what pages you've viewed, what information you've provided to the site on online forms. ... All of this information is stored in the site's database, and in most cases, a cookie consisting of a unique ID is all that is stored on your computer.

Problems with cookies

Cookies are not a perfect mechanism, however they do allow to do some things without which they would not be possible. Here are a few things that make cookies imperfect.

  • Users who frequently share computers – Any computer used in public, and computers used in an office or home environment, shared by multiple users. Let's assume that you use a shared computer (for example in a library) to buy something online. The website you purchase from will leave a cookie on that computer, and the user of that computer after you will be able to buy something from the site where you used your account to shop. Shopping sites often warn about this problem and that's why. Even errors can occur. For example, I have a friend who once used his wife's computer to buy an item on Amazon. Then when his wife went to Amazon and accidentally clicked the "one-click" button without realizing it had taken the action of buying a book with that click. Something like a Windows NT computer or a UNIX computer that uses accounts properly, this shouldn't matter. The accounts will segregate the user's cookies. However in other operating systems they do not allow this, which is really a serious problem.
  • Cookies are deleted – If you have problems with your browser and call tech support, surely the first thing tech support will ask you to do is delete all temporary Internet files on your device his character. In doing this, you will lose all cookie files. Now, when you visit the site again, the site will think you are a new user and will assign you a new cookie. This falsifies the site's record of new and returning visitors, and it also makes it difficult to restore previously saved preferences. This is why the site requires you to register in some cases – if you register with a user name and password you can log in, even if you lose your cookie file you can still recover it. be the hobby. If the values ​​of preferences are saved directly on the computer (as in the example see the weather forecast on MSN above), recovery is not possible. This is why many sites store all user information in a database and only store ID values ​​on the user's computer.
  • Multiple computers – Many users often use multiple computers in a day. For example, I have one at the office, one at home, and a laptop for occasional business travel. Unless the site is designed to fix this problem, I will have three cookie files on these three computers. Any site that I visit from all three of these computers will identify me as three completely different users. This can be a problem in setting preferences. Now a site that allows registration and saving preferences will allow the same account to be used on all three machines, but site developers must plan for this from design.

If you access the URLs as demonstrated in the previous section from one computer and then try to access them again from another computer, you will see a completely different list of history. This is because the server has already generated two IDs for you, one for each machine.

It certainly won't be easy to solve the above problems, except to require users to register and save everything in a centralized database.

When you register with a website's registration system, the problem will be solved in the following way: The site will remember your cookie value and save it with your registration information. If you take some time to log in from any computer (or a computer that has lost its cookie file), the server will change the cookie file on that computer to contain the associated ID with the information. your registration. That's why you can have multiple computers with the same ID value.

Cookies on the Internet: Privacy Matters

If you have read this far, you will surely wonder why there is such a reaction in public opinion about cookies and Internet privacy. You saw in this article that cookies are just text files and also found that they provide a lot of usefulness on the web.

However, two things have caused a strong reaction in public opinion about cookies:

  • The first is something that has plagued customers for years. Let's say that you buy something by mail order. The supplier company will have the name, address and phone number of your order, they also know what items you have purchased. This company can then sell that information to another company, which also wants to sell the same products to you. That is the source of telemarketing and spam. On a website, a site not only tracks your purchases, but it also knows the pages you've read, the ads you've clicked on, etc. If you then buy something and enter the address and name your site will know more about you. This makes the aim more accurate and also makes many people feel uncomfortable.
  • The second problem is unique to the Internet. There are a number of infrastructure providers that can create cross-site visual cookies. DoubleClick is the most famous example of this. Many companies use DoubleClick to serve banner ads on their sites. DoubleClick may place small image files (1x1 px) on the site to allow it to load cookies on your computer. DoubleClick can then track your actions across multiple sites. It can see the search string you typed into the search engine. Since it can get so much information about you from multiple sites, DoubleClick can create very rich profiles. This is very similar to espionage and it is also the cause of the backlash.