Some of the spyware scanners will report cookies as possible spyware because they could potentially be used by a site to track who you are.
In this case, those cookies are actually quite useful.
Sign-ins and cookies
Many of the websites that you visit will have some kind of “Auto Sign-in” or “Remember Me” check box. These cause the computer to remember who you are so you don’t need to re-sign-in every time you visit the site – even after closing your browser or rebooting your computer.
They do this by leaving a cookie on your machine.
The next time that you visit that same service, the cookie is sent along with your request for a page from that site. The cookie contains information unique to whatever service you’re using that includes information about who you are, the fact that you were signed in before, and the fact that if everything’s in order you should be automatically signed in again without being prompted.
The cookie may contain personally identifiable information – perhaps your actual account name and encrypted password – but more commonly, some other unique identifier that allows the site to securely know it’s you and not ask you to sign in again.
As you can imagine, that information is gone when you delete the cookies.
Any websites that you visit will not have that information about you having been signed in before, so it will ask you to sign in.
This is such a frequent issue that it’s not uncommon for cookie-cleaning tools to offer to be smart about exactly what cookies they clean:
Tools like CCleaner have the option to preserve cookies from a pre-defined list of sites – typically email services, as you can see in the example dialog above – that use this behavior.
The solution is actually very simple:
- Return to the site
- Sign in again
- Make sure that the “Remember Me” option is checked when you do.
This will cause the site to leave a new cookie that indicates that you are in fact signed in and don’t need to sign in again.
This happens to me from time to time. In a fit of cleanliness, I’ll delete all of my cookies and for the next few days, I’ll have to sign in to a number of sites that normally I wouldn’t have.
Caveats with “Remember Me”
Exactly how “Remember Me” works will vary sometimes dramatically from site to site. For some, it’s truly an infinite sign-in. For others, it really just means remember me for a day, until I close my browser, or any of a number of other conditions.
Also, particularly when it comes to services that require a higher level of security, you may be asked to sign in again anyway to prove that you are who you say you are.
And therein lies the biggest caveat of all.
When you have “Remember Me” selected, anyone can walk up to your computer and start using that website or service as if they were you without needing to sign in and without needing to know your password.
Use it appropriately.