Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

What are Browser Cookies and How Are They Used?

In recent years, we’ve seen an increase in the number of sites that include a “This site uses cookies, is that OK?” kind of warning in response to regulations imposed by various countries.

The question assumes, of course, that you know what a cookie is.

It’s a surprisingly simple concept that can be used in a variety of ways, ranging from tracking your behavior across the web to ensuring that you don’t need to log in every time you open even a single email.

Become a Patron of Ask Leo! and go ad-free!

A cookie is…

Cookies are simply data a website asks your web browser to place on your computer. The next time you visit that same site, the web browser automatically sends any cookies it previously saved for that site.

That’s all.

Let’s say you visit a website — somerandomservice.com. When somerandomservice.com sends the page you requested back to your computer, it might include instructions that essentially say, “Here’s some data – 2139c9e36094e943f354af7e9c95e702 – and it’s called ‘id'”.

These are not browser cookiesYour web browser stores the following basic1 information on your computer:

  • site: somerandomservice.com
  • cookie name: id
  • cookie data: 2139c9e36094e943f354af7e9c95e702

Now, let’s say a week later you visit somerandomservice.com again. Your web browser makes a request similar to the following:

  • site to visit: somerandomservice.com
  • page to retrieve: “/” (the home page)
  • cookie name left previously: id
  • cookie data left previously: 2139c9e36094e943f354af7e9c95e702

In other words, the cookie left previously is provided each time you re-visit the same site. Whether the site does anything with that cookie is entirely up to the site.

Why “cookie”?

It’s called a cookie because it doesn’t have to be anything specific. Cookie is just a generic term here for “data”.

That data could be a yes/no flag that you’ve visited the site before, or a number that somehow identifies you to that site (like the example I used above), or just about anything else the site-designer wants it to be.

Cookies in use

A simple example is a site where you need to log in. A cookie might be used to “remember” your log-in name if you want it to.

The first time you visit the site, you type in your log-in name and password and perhaps click a checkbox labeled “Remember me”. Once the login is successful, the site puts a cookie on your machine saying (for instance) “username=Leo”. The next time you visit that site, that cookie is automatically sent, so the site “knows” you’re Leo and fills in the username field for you.

Another example would be a web store’s shopping cart.

The first time you visit a site, you register and log in. The site places a cookie on your machine — not with anything you’d recognize,
but with some kind of unique identifier. Perhaps a retail store places your specific customer number in a cookie. When you return to that store’s website, your browser automatically provides it with your customer-number cookie, and the website knows you’re a returning customer.

A simple store might use your customer number to pre-load your shipping address for you when it comes time to check out. That’s not stored on your computer, but on the store’s computers. Since it knows who you are by virtue of the customer number, they can access their own database of customer information and retrieve your shipping address.

Some stores go even further, greeting you by name the moment you return before you even log in, or customizing the products they
display based on what they know to be your previous interests and purchase habits.2

This can happen all because a single cookie they placed on your machine the last time you visited lets them know immediately who you are when you return.

Cookie security

Not just anyone can see every cookie.

Cookies associated with “somerandomservice.com” cannot be read by any other site.

So yes, you might be sending information to somerandomservice.com, but that information goes only to somerandomservice.com and no one else. Similarly, your customer number at reallybigbookstore.com is stored in a cookie that’s accessible only to reallybigbookstore.com.

It’s important to realize that cookies only contain information placed there by the websites they’re associated with. That means they can only contain information the site already knows. A site might know your name, and display it in subsequent visits, but only because you told it your name during the previous visit.

Cookies are nothing more than a way for websites to remember something — anything they choose to remember — from visit to visit.

Viewing cookies

You can view cookies saved on your computer yourself. The technique varies depending on your browser.

Internet Explorer

  • Click on the gear icon (formerly the Tools menu)
  • Click on the Internet Options menu item
  • Click on the General tab if it’s not already showing
  • In the section labeled “Browsing history”, click on the Settings button
  • Click on the View files button

Everything that begins with “cookie:” is a cookie placed by the named site.

FireFox

  • Click on the hamburger menu in the upper right of the FireFox menu bar
  • Click on the Options menu item
  • Click on Privacy & Security
  • Under Cookies and Site Data, click on Manage Data.

Google Chrome

  • Click on the vertical ellipsis in the upper right of the Chrome menu bar
  • Click on Settings
  • Scroll to the bottom and click on Advanced
  • Click on Content Settings
  • Click on Cookies
  • Click on See all cookies and site data

Cookies are basically harmless

Cookies in and of themselves are nothing to be concerned about. They enable a tremendous amount of functionality on the web. If you were to disable cookies completely, you’d quickly find that much of the web simply wouldn’t work, or would at least become exceptionally inconvenient.

However.

Cookies can be used in some interesting ways, particularly by advertising networks, to tell more about you than you might expect. There’s another layer to the discussion that I investigate in What are tracking cookies and should they concern me?

Podcast audio

Play

Video Narration

Footnotes & references

1: There’s actually more — like an expiration time after which the cookie should be forgotten — but I’m overlooking all that to keep this about basic concepts.

2: Amazon is a great example of this type of customization.

6 comments on “What are Browser Cookies and How Are They Used?”

  1. Your kinds of cookies include:
    browser cookies
    tracking cookies
    second party cookies
    third party cookies

    Using Windows Explorer, is there any way to distinguish which kind of cookie file I’m looking at? (include looking at cookie Properties)

    • Hi Arthur,

      If you open some cookies, some say “sessionid” at the top, and those would be session cookies. There are other ones that say “userid” or “GA [really big number]” at the top, and I’m not sure what category those would fall into. I’ve noticed cookies from the same site can be different sizes, and you can get different cookies from the same site, like Google. Some cookies are big (1 KB or more.)

      I hope this helps.

  2. Thank you very much LEO!. I still have a problem, though… I have enabled all cookies and I keep getting that message that suggests enabling cookies in order to open some files..

  3. hi leo
    Thanks for the useful articles concerning cookies, spybot detected tracking cookies and brouser cookies , which where removed from my pc, this in turn led me to look into cookies. and their properties.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.