The question assumes, of course, that you know what a cookie is.
It’s a surprisingly simple concept that can be used in a variety of ways, ranging from tracking your behavior across the web to ensuring that you don’t need to log in every time you open even a single email.
Become a Patron of Ask Leo! and go ad-free!
A cookie is…
Cookies are simply data a website asks your web browser to place on your computer. The next time you visit that same site, the web browser automatically sends any cookies it previously saved for that site.
Let’s say you visit a website — somerandomservice.com. When somerandomservice.com sends the page you requested back to your computer, it might include instructions that essentially say, “Here’s some data – 2139c9e36094e943f354af7e9c95e702 – and it’s called ‘id'”.
Your web browser stores the following basic1 information on your computer:
- site: somerandomservice.com
- cookie name: id
- cookie data: 2139c9e36094e943f354af7e9c95e702
Now, let’s say a week later you visit somerandomservice.com again. Your web browser makes a request similar to the following:
- site to visit: somerandomservice.com
- page to retrieve: “/” (the home page)
- cookie name left previously: id
- cookie data left previously: 2139c9e36094e943f354af7e9c95e702
In other words, the cookie left previously is provided each time you re-visit the same site. Whether the site does anything with that cookie is entirely up to the site.
It’s called a cookie because it doesn’t have to be anything specific. Cookie is just a generic term here for “data”.
That data could be a yes/no flag that you’ve visited the site before, or a number that somehow identifies you to that site (like the example I used above), or just about anything else the site-designer wants it to be.
Cookies in use
A simple example is a site where you need to log in. A cookie might be used to “remember” your log-in name if you want it to.
The first time you visit the site, you type in your log-in name and password and perhaps click a checkbox labeled “Remember me”. Once the login is successful, the site puts a cookie on your machine saying (for instance) “username=Leo”. The next time you visit that site, that cookie is automatically sent, so the site “knows” you’re Leo and fills in the username field for you.
Another example would be a web store’s shopping cart.
The first time you visit a site, you register and log in. The site places a cookie on your machine — not with anything you’d recognize, but with some kind of unique identifier. Perhaps a retail store places your specific customer number in a cookie. When you return to that store’s website, your browser automatically provides it with your customer-number cookie, and the website knows you’re a returning customer.
A simple store might use your customer number to pre-load your shipping address for you when it comes time to check out. That’s not stored on your computer, but on the store’s computers. Since it knows who you are by virtue of the customer number, they can access their own database of customer information and retrieve your shipping address.
Some stores go even further, greeting you by name the moment you return before you even log in, or customizing the products they display based on what they know to be your previous interests and purchase habits.2
This can happen all because a single cookie they placed on your machine the last time you visited lets them know immediately who you are when you return.
Not just anyone can see every cookie.
Cookies associated with “somerandomservice.com” cannot be read by any other site.
So yes, you might be sending information to somerandomservice.com, but that information goes only to somerandomservice.com and no one else. Similarly, your customer number at reallybigbookstore.com is stored in a cookie that’s accessible only to reallybigbookstore.com.
It’s important to realize that cookies only contain information placed there by the websites they’re associated with. That means they can only contain information the site already knows. A site might know your name, and display it in subsequent visits, but only because you told it your name during the previous visit.
Cookies are nothing more than a way for websites to remember something — anything they choose to remember — from visit to visit.
You can view cookies saved on your computer yourself. The technique varies depending on your browser.
- Click on the gear icon (formerly the Tools menu)
- Click on the Internet Options menu item
- Click on the General tab if it’s not already showing
- In the section labeled “Browsing history”, click on the Settings button
- Click on the View files button
Everything that begins with “cookie:” is a cookie placed by the named site.
- Click on the hamburger menu in the upper right of the FireFox menu bar
- Click on the Options menu item
- Click on Privacy & Security
- Under Cookies and Site Data, click on Manage Data.
- Click on the vertical ellipsis in the upper right of the Chrome menu bar
- Click on Settings
- Scroll to the bottom and click on Advanced
- Click on Content Settings
- Click on Cookies
- Click on See all cookies and site data
Cookies are basically harmless
Cookies in and of themselves are nothing to be concerned about. They enable a tremendous amount of functionality on the web. If you were to disable cookies completely, you’d quickly find that much of the web simply wouldn’t work, or would at least become exceptionally inconvenient.
Cookies can be used in some interesting ways, particularly by advertising networks, to tell more about you than you might expect. There’s another layer to the discussion that I investigate in What are tracking cookies and should they concern me?