How Cookies Work
- The transfer of web pages between a server and a browser happens by means of the Hypertext Transfer Protocol (HTTP). When a user types a URL in the address bar of a browser, the browser takes it and sends a request to the server, asking for the web page specified by the user.
- Next, the server sends the page requested by the browser, in the form of an HTTP response. The response is sent as a packet of text that may contain a header asking the browser to store a cookie, in the form “Set-Cookie: name=value”. The browser is asked to store the value string under ‘name’ and return it to the server with any further requests made to it.
- During any subsequent request made to the same server, even when requesting a different web page from that server, the browser sends the cookie value back to the server. The server recognizes this information and fulfills the request without requiring the user to go through the authentication process again.
Advantages of this Technology
- By means of cookies, a website can track the number of users visiting it. A website maintains user information in its database. It can count user visits, record how frequently a particular user visits the site, note users’ preferences, and store this information in the website database.
- Some websites allow their users to change the layout and content of the website for a personalized view of the site. The cookie technology has made this possible.
- The technology is also useful for advertisers to track the on-site behavior of users. While keeping the personal information of a visitor confidential, cookies help advertisers learn the web surfing habits of visitors. Advertisers can promote certain products to certain users based on the information they gather from cookies.
- Popular e-commerce websites harness this technology to implement shopping carts. When a user selects an item, the item is stored in the site’s database. When the user checks out, the website stores information about the items he/she has bought. This makes it possible for the shopping website to know the user’s shopping preferences. The online shopping mechanism would have been difficult without the use of cookie technology.
Disadvantages of this Technology
- Cookie poisoning is the act of manipulating the contents of a cookie before it is sent to the server. Changing the information contained in cookies can mislead websites and advertisers. If a cookie contains transaction information, an attacker can change the value in the cookie, causing losses for the user or the e-commerce website involved in the transaction. Every site has an independent set of cookies, which another site should not be able to manipulate. With some browsers, the cookie technology is vulnerable to such manipulation.
- Cookies can cause an inconsistency between the state of the client and the state stored in the cookie. When an operation is undone by clicking the Back button, or when a page is reloaded, the state stored in the cookie should reflect the corresponding change. The cookie technology also lacks the ability to distinguish between two users who use the same user account. Cookies do not distinguish one user from another. They can distinctly identify only the combination of a user account, a browser, and a computer.
- The cookie technology is vulnerable to cookie hijacking. Cookie hijacking refers to the interception of the information in cookies by a malicious user. When cookies are sent over the network in unencrypted HTTP sessions, there is a risk of the information in the cookies being stolen.
Modern technology has found solutions to many of these difficulties. Cookies are criticized for the potential problems one may face when using them, but they remain the easiest, and one of the few, ways to enable online shopping and e-commerce activities. Despite the criticism and the competition, this technology is widely used to date.
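The following is an added example, not part of the original article, showing one common server-side defence against the cookie poisoning and cookie hijacking described above: the server signs the cookie value with an HMAC so a changed value is rejected, and marks the cookie Secure so the browser sends it only over HTTPS. The key, the cookie name cart_total, and the helper function names are assumptions made for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo key (assumption); a real server loads its key from secret storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _tag(value: str) -> str:
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign(value: str) -> str:
    """Append a hex HMAC-SHA256 tag to the value, separated by a dot."""
    return f"{value}.{_tag(value)}"


def verify(signed: str):
    """Return the original value if its tag is valid, otherwise None."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None  # no tag at all: unsigned or truncated cookie
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    ok = hmac.compare_digest(tag.encode(), _tag(value).encode())
    return value if ok else None


def build_set_cookie(name: str, value: str) -> str:
    """Build the Set-Cookie header value the server puts in its response."""
    cookie = SimpleCookie()
    cookie[name] = sign(value)
    cookie[name]["secure"] = True     # sent only over HTTPS (limits hijacking)
    cookie[name]["httponly"] = True   # not readable by scripts in the page
    cookie[name]["samesite"] = "Lax"  # not attached to most cross-site requests
    cookie[name]["path"] = "/"
    return cookie[name].OutputString()


def read_cookie(cookie_header: str, name: str):
    """Parse the browser's Cookie header; return the verified value or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return verify(jar[name].value) if name in jar else None


if __name__ == "__main__":
    header = build_set_cookie("cart_total", "1999")  # constructed sample value
    print("Set-Cookie:", header)
    sent_back = header.split(";")[0]                  # what the browser returns
    print("accepted:", read_cookie(sent_back, "cart_total"))
    poisoned = sent_back.replace("=1999.", "=1.", 1)  # value edited on the client
    print("poisoned:", read_cookie(poisoned, "cart_total"))
```

The signature protects the integrity of the value, not its secrecy, so the value is still readable by anyone who holds the cookie.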