In computing, a cookie (also tracking cookie, browser cookie, and HTTP cookie) is a small piece of text stored on a user's computer by a web browser. A cookie consists of one or more name-value pairs containing bits of information such as user preferences, shopping cart contents, the identifier for a server-based session, or other data used by websites.
It is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. A cookie can be used for authenticating, session tracking (state maintenance), and remembering specific information about users, such as site preferences or the contents of their electronic shopping carts. The term "cookie" is derived from "magic cookie", a well-known concept in UNIX computing which inspired both the idea and the name of browser cookies. Some alternatives to cookies exist; each has its own uses, advantages, and drawbacks.
Being simple pieces of text, cookies are not executable. They are neither spyware nor viruses, although cookies from certain sites are detected by many anti-spyware products because they can allow users to be tracked when they visit various sites.
Most modern browsers allow users to decide whether to accept cookies, and the time frame to keep them, but rejecting cookies makes some websites unusable. For example, shopping carts or login systems implemented using cookies do not work if cookies are disabled.
History
The term "cookie" derives from "magic cookie", which is a packet of data a program receives and sends out again unchanged. Magic cookies were already used in computing when Lou Montulli had the idea of using them in Web communications in June 1994. At the time, he was an employee of Netscape Communications, which was developing an e-commerce application for a customer. Cookies provided a solution to the problem of reliably implementing a virtual shopping cart.
Together with John Giannandrea, Montulli wrote the initial Netscape cookie specification the same year. Version 0.9beta of Mosaic Netscape, released on October 13, 1994, supported cookies. The first use of cookies (out of the labs) was checking whether visitors to the Netscape website had already visited the site. Montulli applied for a patent for the cookie technology in 1995, and US patent 5774670 was granted in 1998. Support for cookies was integrated in Internet Explorer in version 2, released in October 1995.
The introduction of cookies was not widely known to the public at the time. In particular, cookies were accepted by default, and users were not notified of the presence of cookies. Some people were aware of the existence of cookies as early as the first quarter of 1995, but the general public learned about them after the Financial Times published an article about them on February 12, 1996. In the same year, cookies received a lot of media attention, especially because of potential privacy implications. Cookies were discussed in two U.S. Federal Trade Commission hearings in 1996 and 1997.
The development of the formal cookie specifications was already ongoing. In particular, the first discussions about a formal specification started in April 1995 on the www-talk mailing list. A special working group within the IETF was formed. Two alternative proposals for introducing state in HTTP transactions had been proposed by Brian Behlendorf and David Kristol respectively, but the group, headed by Kristol himself, soon decided to use the Netscape specification as a starting point. In February 1996, the working group identified third-party cookies as a considerable privacy threat. The specification produced by the group was eventually published as RFC 2109 in February 1997. It specifies that third-party cookies are either not allowed at all, or at least not enabled by default.
At this time, advertising companies were already using third-party cookies. The recommendation about third-party cookies of RFC 2109 was not followed by Netscape and Internet Explorer. RFC 2109 was followed by RFC 2965 in October 2000.
Uses
Session management
Cookies may be used to maintain data related to the user during navigation, possibly across multiple visits. Cookies were introduced to provide a way to implement a "shopping cart" (or "shopping basket"), a virtual device into which a user can store items he wants to purchase as he navigates the site.
Shopping basket applications today usually store the list of a basket's contents in a database on the server side, rather than storing basket items in the cookie itself. A web server typically sends a cookie containing a unique session identifier. The web browser sends that session identifier back with each subsequent request, and the shopping basket items are stored on the server in association with that session identifier.
Allowing users to log in to a website is a frequent use of cookies. Typically the web server will first send a cookie containing a unique session identifier. Users then submit their credentials and the web application authenticates the session and allows the user access to services.
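The session-identifier pattern described above, as an added example that is not part of the original article: the cookie carries only a random identifier and the basket lives in a server-side table. The cookie name `sid`, the in-memory `SESSIONS` store and the `handle_request` function are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side state: session identifier -> list of basket items.
# The cookie carries only the identifier, never the basket itself.
SESSIONS = {}
COOKIE_NAME = "sid"  # hypothetical cookie name


def read_session_id(cookie_header):
    """Extract the session identifier from a request's Cookie header."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def handle_request(cookie_header, add_item=None):
    """Process one request; return (Set-Cookie value or None, basket)."""
    sid = read_session_id(cookie_header)
    set_cookie = None
    if sid not in SESSIONS:
        # No cookie, or an identifier this server never issued: do not
        # adopt the client's value, issue a fresh unpredictable one.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["path"] = "/"
        out[COOKIE_NAME]["httponly"] = True  # hide from page scripts
        set_cookie = out[COOKIE_NAME].OutputString()
    if add_item is not None:
        SESSIONS[sid].append(add_item)
    return set_cookie, list(SESSIONS[sid])


if __name__ == "__main__":
    header, basket = handle_request(None, add_item="book")
    print("Set-Cookie:", header)
    print("basket:", basket)
```
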
Personalization
Cookies may be used to remember information about a user who has visited a website in order to show relevant content in the future. For example, a web server may send a cookie containing the username last used to log in to a website so that it may be filled in on future visits.
Many websites use cookies for personalization based on users' preferences. Users select their preferences by entering them in a web form and submitting the form to the server. The server encodes the preferences in a cookie and sends the cookie back to the browser. This way, every time the user accesses a page, the server is also sent the cookie where the preferences are stored, and can personalize the page according to the user preferences. For example, the Wikipedia website allows authenticated users to choose the webpage skin they like best; the Google search engine allows users (even non-registered ones) to decide how many search results per page they want to see.
Tracking
Tracking cookies may be used to track internet users' web browsing habits. This can also be done in part by using the IP address of the computer requesting the page or the referer field of the HTTP header, but cookies allow for a greater precision. This can be done for example as follows:
- If the user requests a page of the site, but the request contains no cookie, the server presumes that this is the first page visited by the user; the server creates a random string and sends it as a cookie back to the browser together with the requested page;
- From this point on, the cookie will be automatically sent by the browser to the server every time a new page from the site is requested; the server sends the page as usual, but also stores the URL of the requested page, the date/time of the request, and the cookie in a log file.
By looking at the log file, it is then possible to find out which pages the user has visited and in what sequence. For example, if the log contains some requests done using the cookie id=abc, it can be determined that these requests all come from the same user. The URL and date/time stored with the cookie allow for finding out which pages the user has visited, and at what time.
Third-party cookies and Web bugs, explained below, also allow for tracking across multiple sites. Tracking within a site is typically used to produce usage statistics, while tracking across sites is typically used by advertising companies to produce anonymous user profiles (which are then used to determine what advertisements should be shown to the user).
Tracking cookies may potentially infringe upon the user's privacy, but they can be easily removed. Current versions of popular web browsers include options to delete 'persistent' cookies when the application is closed.
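The two-step procedure and the log analysis described above, as an added example that is not part of the original article; it also shows what removing the cookie does to the server's view. The cookie name `id` follows the article's `id=abc`; the function names, integer timestamps and page URLs are constructed for illustration, and logging the first request under the newly issued identifier is an assumption.

```python
import secrets
from collections import defaultdict
from http.cookies import SimpleCookie

LOG = []  # entries: (cookie id, URL, timestamp)


def serve(url, timestamp, cookie_header=None):
    """Handle one page request; return a new cookie string or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    set_cookie = None
    if "id" in jar:
        visitor = jar["id"].value
    else:
        # Step 1: no cookie, so treat as a first visit and issue a random id.
        visitor = secrets.token_hex(8)
        set_cookie = "id=" + visitor
    # Step 2: record the request against the identifier.
    LOG.append((visitor, url, timestamp))
    return set_cookie


def pages_by_visitor(log):
    """Group logged URLs by cookie id, ordered by request time."""
    trails = defaultdict(list)
    for visitor, url, _ts in sorted(log, key=lambda entry: entry[2]):
        trails[visitor].append(url)
    return dict(trails)


def browse(urls, start):
    """Constructed browser: stores the cookie it is given and replays it."""
    cookie = None
    for offset, url in enumerate(urls):
        issued = serve(url, start + offset, cookie)
        cookie = issued or cookie
    return cookie


if __name__ == "__main__":
    browse(["/", "/products", "/checkout"], start=100)
    # The user deletes the cookie; the next visit starts with an empty jar.
    browse(["/", "/account"], start=200)
    for visitor, trail in pages_by_visitor(LOG).items():
        print(visitor, trail)
```

The same person appears in the log as two unrelated identifiers once the cookie has been deleted, so the server can no longer join the two browsing sequences by cookie alone.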
Third-party cookies
Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page.
This condition is common with on-line advertising. Indeed, web banners are typically stored in servers of the advertising company, which are not in the domain of the Web pages showing them. If third-party cookies are not rejected by the browser, an advertising company can track a user across the sites where it has placed a banner. In particular, whenever a user views a page containing a banner, the browser retrieves the banner from a server of the advertising company. If this server has previously set a cookie, the browser sends it back, allowing the advertising company to link this access with the previous one. By choosing a unique banner URL for every Web page where it is placed or by using the HTTP referer field, the advertising company can then find out which pages the user has viewed. The same technique can be used with web bugs. These, unlike the obvious banners, are images embedded in the Web page that are undetectable by the user (e.g. they are tiny and/or transparent).
Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user's profile. The advertising industry has denied any other use of these profiles.
Many modern browsers, such