Friday, January 19, 2007

HTTP Cookies: Issues, Benefits and Inaccuracies

I found this article "HTTP Cookies Explained" by Andrew Nielsen rather interesting. It's always good to know the different pieces of working online or buying online or, if you have an ecommerce site, what things are always a concern.

This is basically an informative piece, giving you a full story of HTTP cookies, from its beginnings to today's issues and problems. What I found interesting is the data privacy issue due to the ability to track user behavior over multiple websites, and thus the subject of legislation in the US, United Kingdom and other countries.

And to the issue of multiple users and the accuracy of the user profile, I have to agree. If there are several earning family members using the same computer, the profile will not be the same, and that can definitely mess with your email marketing for new promotions.


HTTP Cookies Explained

by Andrew Nielsen


An HTTP cookie is a small piece of data. This data is sent by a web server when a user loads a page and then sent back unchanged to the server every time the user accesses the server. The purpose of this is to allow the server to identify the individual users requesting web pages from the server.

Cookies were invented to allow web servers to track and maintain information about the contents of users’ electronic shopping carts. Cookies allowed the server to uniquely identify which user was adding or removing items from a shopping cart and thereby to keep track of individual shopping carts. Without cookies, each interaction with the web server had to be treated as a separate event, and there was no obvious or accurate connection to a user’s previous actions.

Today, cookies are also used to keep track of user site preferences and user behavior across multiple websites. The latter is used primarily for advertising and involves tracking the user across multiple websites and thereby targeting ads to the user. Even when a user visits different websites served by different web servers, there may be ads on such websites which are served from one server. This way, the server providing the ads will be able to track the user.

A cookie can contain any (small) amount of data and will most often contain a string randomly generated by the server. There is thus no personal information stored in the cookie itself. The server may however store personal information and user preferences if the user types these in on the website. The cookie then allows the server to associate the information stored in the server with the user, when the user visits the website and the cookie is sent by the browser to the server.

Most browsers allow the user to decide if he or she will accept a cookie from a web server. If the user declines, this disables the functionality on the website utilizing cookies. If a website has implemented an electronic shopping cart using cookies, it will thus not be possible for the user to make a purchase without accepting the cookie.

Cookies may have an expiration date, in which case the browser will not send the cookie to the server after expiration. Some cookies are defined as non-persistent, in which case they are deleted when the browser is closed. Also, users may manually delete all or selected cookies.

While the data in the cookie itself is not personal and a server can only acquire personal information if the user explicitly discloses it, cookies are seen as a cause for concern over data privacy. The main reason for this is the tracking of user behavior over multiple websites. For this reason, cookies have been subject to legislation in the United States, United Kingdom and other countries.

There are other areas of concern. If multiple users use the same computer, user profile and browser they will appear as one user to the web server. Also, cookies may be stolen, tampered with or an attacker may listen to the connection between a server and user and thereby snoop the cookie.

There are alternatives to using cookies, each with their own drawbacks. One alternative involves tracking the user by the IP address from which the server receives the request for a webpage. This is inaccurate as multiple users may share the same IP address or proxy server. Other alternatives include HTTP authentication and embedding of information into URLs.

In this article we described what cookies are and what they may be used for. We have seen why they are a cause for concern over data privacy and we have touched on the subject of alternatives.

About This Author

Andrew Nielsen is a consultant and internet veteran who has spent the last many years helping internet companies become more profitable. Andrew is currently also helping business start-ups and individuals make money online. Visit http://www.i-want-to-be-rich.com/
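
The article describes a cookie that carries only a random server-generated string, with the user's data kept on the server, and notes that cookies may expire, be stolen, tampered with or snooped. The sketch below is an added example, not code from the article or its author: it issues such a cookie with attributes that limit snooping and theft, and rejects altered or expired values on the server. The cookie name `sid`, the in-memory `SESSIONS` store, the function names and the 30-minute lifetime are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie, CookieError

SESSIONS = {}  # server-side store (in-memory stand-in): session id -> record


def issue_cookie(user_data, now=None, ttl=1800):
    """Store user_data on the server and return the Set-Cookie header value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # unguessable random string, no personal data
    SESSIONS[sid] = {"data": dict(user_data), "expires": now + ttl}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = ttl           # browser stops sending it after ttl seconds
    cookie["sid"]["secure"] = True           # sent over HTTPS only: limits snooping
    cookie["sid"]["httponly"] = True         # hidden from page scripts: limits theft
    cookie["sid"]["samesite"] = "Lax"        # not sent on cross-site subrequests
    return cookie["sid"].OutputString()


def lookup(cookie_header, now=None):
    """Return the stored data for a request's Cookie header, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    morsel = jar.get("sid")
    record = SESSIONS.get(morsel.value) if morsel is not None else None
    if record is None:
        return None                          # unknown or altered id matches nothing
    if now >= record["expires"]:
        del SESSIONS[morsel.value]           # enforce expiry on the server as well
        return None
    return record["data"]


if __name__ == "__main__":
    header = issue_cookie({"cart": ["book"]})   # constructed sample data
    print("Set-Cookie:", header)
    print(lookup(header.split(";")[0]))
```

Because the cookie holds only the identifier, changing its value cannot alter the cart; it simply stops matching any server-side record.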
