Cookies
A cookie is created at the request of the website a user is viewing. The website requests the web browser create a small text file with a small amount of information, which it can access whilst you are viewing the website. The information is usually to provide some functionality such as a shopping cart to enhance the users experience on the site.
The information saved in a cookie has a name of the cookie, and a value (which can be a numeric or text value). Other information includes the domain the cookie is for (e.g. ddletb.ie), the path/page on the website (if not specified then the cookie is for all pages on the domain), cookie expiry date and time, if the cookie is HTTP only (i.e. cannot be accessed by JavaScript) and finally if the cookie is a secure cookie.
Cookie Uses
Cookies are used on websites to provide enhanced functionality on improve the users experience.
Examples of website cookie use include:
- An online store can record items in your shopping cart whilst you are browsing the store.
- A website can display different content, if you have never visited a site before. An example is many sites show a cookie warning on first visit to a website.
- Allow a website to save any preferences set by a user, so that next time the settings do not need to be set again. Some is setting your hometown on a weather website.
- Can tracking browsing habits. An example is an online store can suggest more useful additional items to buy, based on the previous pages visited.
- For a website that requires you to login, it allows you not to have to type in your user name and password every time to visit the site (or view different pages on a site).
Cookie types
Session cookie
A session cookie for a website only exists whilst the user is reading or navigating the website. When the user closes their web browser, these cookies are usually removed.
Persistent cookie
A persistent cookie for a website exists on a user’s computer until a future date. For example, the cookie expiry date could be set as 1 year, and each time a website is accessed over this period the website could access the cookie.
HttpOnly cookie
A HttpOnly cookie can only be used via HTTP or HTTPS, and therefore cannot be accessed by javascript. This reduces threat of session cookie theft via cross site scripting (XSS).
Secure cookie
A secure cookie can only be used via HTTPS. This ensures the cookie data is encrypted, reducing the exposure to cookie theft via eavesdropping.
Third-party cookie
First-party cookies are cookies set with the same domain (or its subdomain) as your browser’s address bar. Third-party cookies are cookies set with domains different from the one shown on the address bar. The web pages on the first domain may feature content from a third-party domain, e.g. an advert run by www.advertexample.com. Privacy setting options in most modern browsers allow you to block third-party tracking cookies.
Cookie security and privacy
Security
Cookies are text files stored on your computer, and therefore cannot be used to infect your computer with a virus or allow malicious code to run on your computer. So cookies are not deemed dangerous, however there maybe concerns over privacy.
Privacy concerns
Cookies cannot access any other information on your computer, so the privacy concerns relate to tracking of your sites you browse.
Cookies used
Managing cookies
Most modern browsers allow you to manage cookies saved on your computer. For example, you may wish to accept all cookies or reject all cookies.
Google Chrome
To amend the cookies settings:
- Click on the chrome menu.
- Select settings.
- Click + Show advanced settings at the bottom of the page
- Under the Privacy section click the Content settings button
- In the Cookies section, you are able to change the settings, such as allow cookies, remove all cookies, and block third party cookies.
Further, instructions that are more detailed are available here: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647
Controlling your cookies
Any cookie that is not Strictly Necessary is not active by default and does not send information to the resource it is called from. Accepting all cookies, makes all cookies active. You can modify your cookie preferences for the website at any time by clicking on the ‘Set your prefrences’ button below.
Internet explorer 8, 9 and 10
- Select the Tools menu (ALT-X)
- Select Internet Options
- Click the Privacy tab
- Move the slider to choose your preferred settings.
- For more specialised settings click on the Advanced button, check the Override cookie handling checkbox and modify the settings to suit your requirements.
Further instruction are available here: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10
Mozilla Firefox
- Select Options
- Click the Privacy tab
To clear cookies, select the remove individual cookies link.
To amend the cookie settings, change the Firefox will dropdown in the History section to Use custom settings for history.
Further instructions are available here: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari
- Choose Safari settings menu
- Select Preferences
- Click the Privacy tab.
- In the Block cookies section, specify whether the browser should accept or reject cookies from websites.
- If you want to see which websites store cookies on your computer, click Details.
If you set Safari to block cookies, you may need to temporarily accept cookies to open a page. Repeat the above steps, selecting Never in the “Block cookies” section. When you are done with the page, block cookies again, and then remove the page’s cookies.
Further details are available here: http://support.apple.com/kb/PH11913
Other browsers
With new devices being created all the time, including tablets and phones it is not possible to list every browser for every device. The best advice is to consult the manufactures website for further instructions regarding cookies.
Further Information
The General Data Protection Regulation& You
Data Protection Commission – Storing and accessing information on terminal equipment e.g. “Cookies”