Understanding Cookies

Some Web sites store information in a small text file on your computer. This file is called a cookie.

There are several types of cookies, and you can choose whether to allow some, none, or all of them to be saved on your computer. If you do not allow cookies at all, you may not be able to view some Web sites or take advantage of customization features (such as local news and weather, or stock quotes).

The process is essentially benign. Cookies store information supplied by the user and read it back later. Cookies can't extract information from cookies belonging to other sites, nor can they interact with other data on the user's hard drive.

Cookies can't actually capture anything; they can only save or recall information. They're scratch-pad memory for the Web site, nothing more. Before any data can be stored in a cookie, a site must first gather that information by asking the user to fill out a form, through a Webmaster's analysis of the user's actions to infer likely buying patterns, and so on. Cookies can be as large as 4K, but in practice, few exceed a couple hundred bytes.

How cookies are used

A cookie is a file created by an Internet site to store information on your computer, such as your preferences when visiting that site. For example, if you inquire about a flight schedule at an airline's Web site, the site might create a cookie that contains your itinerary. Or it might only contain a record of the pages you looked at within the site you visited, to help the site customize the view for you the next time you visit. Cookies can also store personally identifiable information. Personally identifiable information is information that can be used to identify or contact you, such as your name, e-mail address, home or work address, or telephone number. However, a Web site only has access to the personally identifiable information that you provide. For example, a Web site cannot determine your e-mail name unless you provide it. Also, a Web site cannot gain access to other information on your computer. Once a cookie is saved on your computer, only the Web site that created the cookie can read it.

Persistent cookies

A persistent cookie is one stored as a file on your computer, and it remains there when you close your browser. The cookie can be read by the Web site that created it when you visit that site again.

Temporary cookies

A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close your browser.

First-Party vs. Third-Party cookies

A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.

A third-party cookie either originates on or is sent to a Web site different from the one you are currently viewing. Third-party Web sites usually provide some content on the Web site you are viewing. For example, many sites use advertising from third-party Web sites and those third-party Web sites may use cookies. A common use for this type of cookie is to track your Web page use for advertising or other marketing purposes. Third-party cookies can either be persistent or temporary.

Unsatisfactory cookies

Unsatisfactory cookies are cookies that might allow access to personally identifiable information that could be used for a secondary purpose without your consent.

Where did the term cookies come from?

Lou Montulli, currently the protocols manager in Netscape's client product division, wrote the cookies specification for Navigator 1.0, the first browser to use the technology. Montulli says there's nothing particularly amusing about the origin of the name: "A cookie is a well-known computer science term that is used when describing an opaque piece of data held by an intermediary. The term fits the usage precisely; it's just not a well-known term outside of computer science circles."

Last Updated: May, 2003

Unless otherwise noted, this work is licensed under a Creative Commons License