Understanding Internet Cookies And What They Do

Have you ever wondered how websites remember user preferences, login credentials or a user’s shopping cart content? The answer is internet cookies, and they probably shape the way you experience the internet a lot more than you realise.

In this article, we’ll explain exactly what internet cookies are, how cookies work, and go over some common concerns cookies raise surrounding privacy and security.

The Basics of How Internet Cookies Work

Internet cookies, also known as magic cookies, are small pieces of data that websites store on your browser after you visit the site. Cookies can improve your online experience by ensuring you don’t have to enter data like your username and password or your location more than once.

Online advertisers use cookies to track your online browsing habits and history and use this data to create more targeted ads. While this does increase the personal relevance of the ads you see online, some people consider cookie usage a violation of user privacy.

The Functional Role of Internet Cookies

Understanding the functional role internet cookies play online is important knowledge for both site owners and internet users alike and will help de-mystify them. Here are some of the important functions internet cookies serve:

1. User Authentication

When you log into a website, the browser stores your details and user authentication thanks to web cookies. This ensures you don’t have to input your username and password every single time you visit a site, and you stay logged in as you navigate through different pages.

2. Personalisation and User Preferences

Cookies store information about your preferences and settings on a website. This allows for a personalised experience, such as remembering language preferences, location, or specific content preferences. The cookies stored help tailor the content to your liking every time you revisit a website.

3. Session Management

Cookies can be used for session management by assigning a unique identifier to recognise a user’s session. Such cookies are temporary and are automatically deleted once you close your web browser. They help websites identify individual users, which is important for dynamic websites that require information from prior interactions to provide a personalised and seamless experience.

4. Online Shopping Ease Of Use

On online shopping websites, websites commonly use cookies to store information about the items in a user’s shopping cart. This means the items you choose to purchase will remain in your cart even as you navigate through different pages or proceed to checkout.

5. Website Analytics

Cookies can provide valuable data for website analytics by tracking information like a user’s browsing activity, pages visited, the duration of the visit, and interaction patterns. This data is valuable for website owners to understand user preferences and optimise the site’s content and structure, creating a better user experience.

6. Targeted Ads

Advertisers use third-party cookies to track users across different websites. This allows for targeted advertising based on a user’s browsing history, preferences, and interests. While this can enhance the relevance of ads, it also raises privacy concerns.

7. Form Auto-Fill

Web browsers like Google Chrome use cookies to fill out online forms automatically. When a user’s web browser saves information such as their full name, email, and address, they don’t have to manually fill out this information whenever they create a new account on a website or complete a web form, saving time and effort.

8. Form Auto-Fill

Cookies enable cross-site functionality, allowing different pages or components of a website to communicate with each other. These cookies help maintain a consistent user experience across different sections of a site.

9. Security Measures

Cookies are often used to store security tokens, such as session tokens or cross-site request forgery (CSRF) tokens. By storing tokens in cookies, websites can easily verify the legitimacy of requests, improving a website’s overall security.

The Origin and Purpose of Internet Cookies

Network engineer Lou Montulli invented HTTP cookies in 1994 and called them the ‘magic cookie’. Prior to this, websites couldn’t recognise a visitor from one visit to the next and had no way to store information like user preferences or password details. This means users would have to enter this information and configure their preferences every single time they revisit a site.

Montuilli, recognising the problem, implemented the idea of cookies by creating a small piece of data that could be stored on the user’s computer. This data, sent from the web server to the user’s browser, would then be included in subsequent requests to the same server.

Cookies were widely adopted in a short time, revolutionising the way we interact with websites today. Since 1994, however, internet cookies have evolved significantly, and there are now dozens of different types – some of which raise more privacy concerns than others.

First-Party Cookies vs Third-Party Cookies

All types of cookies can be categorised as either first-party or third-party cookies. Before we explain the multiple different types of cookies, let’s go over what a third-party cookie and a first-party cookie are.

First-Party Cookies

First-party cookies are directly controlled by the website owner and are mainly used to improve the user experience by storing session information and remembering user preferences. Users can control first-party cookies through their web browser settings. Compared to third-party cookies, first-party cookies are considered less intrusive.

Third-Party Cookies

Third-party cookies, on the other hand, originate from a domain other than the one the user is currently visiting. Third-party cookies are often used by external services (advertisers, analytics providers, social media platforms) to track user activity across multiple sites and deliver targeted content or services. It’s for this reason that they’re often referred to as tracking cookies.

Third-party cookies, especially in the context of online advertising, are often the centre of debates about privacy concerns as they track users across various websites. However, many web browsers like Internet Explorer offer third-party cookie blocking, so users can opt out entirely if they choose.

Google Chrome has plans to phase out the use of third-party cookies completely by January 2024 for the sake of user privacy.

The Different Types of Internet Cookies

Internet cookies have come a long way over the years, and as we explained above, they do a lot more than just remember your username and password. Here are just some of the different types of cookies:

1. Session Cookies

Session cookies play a crucial role in helping websites identify and remember users’ information as they browse. Session cookies are also known as temporary cookies, as they only store details of a user’s activities while they are on the website, and the session cookie gets deleted once the browsing session ends.

2. Persistent Cookies

Persistent cookies store user preferences and actions for an extended period, even after the user exits the web page and closes their web browser. Persistent cookies are used for long-term tracking, storing login credentials, and personalising content.

Persistent cookies help users by making their browsing experience more seamless, and they help digital marketers by allowing them to track their target audience’s online browsing habits.

Even though they linger a lot longer than session cookies, a persistent cookie does have an expiration date. On Chrome, for example, persistent cookies can’t have an expiration date longer than 400 days.

3. Performance Cookies

Performance cookies, which are also known as analytics cookies, are a type of browser cookie that collects information on how users engage with a website and other site data. The primary purpose of performance cookies is to gather data related to the website’s performance and user engagement. 

The information obtained from user sessions through performance cookies is then used to analyse and improve the website’s functionality, speed, and ease of use. This enables website owners to identify areas that need improvement and make necessary changes to improve the user experience.

4. Functional Cookies

Functional cookies, also known as essential cookies, are a specific type of cookie that a website requires to work properly. Essential cookies, unlike other cookies, are not used for tracking or targeting purposes. Instead, they offer fundamental features on the website like load distribution across different web servers to improve performance. They’re often exempt from certain cookie consent requirements.

5. Targeting Cookies

Advertising cookies, often called tracking cookies, are a type of internet cookie that is used to track user activity across websites and build profiles based on their online behaviour. Targeting cookies aim to deliver personalised ads and content to users based on their interests, preferences, and browsing habits.

Targeting cookies play a key role in ad retargeting campaigns for online shopping websites. After a user visits a web page, targeting cookies can be used to display related ads to that user when they visit other websites.

6. Flash Cookies vs. Traditional Browser Cookies

Flash cookies, also known as super cookies or computer cookies, are independent of the web browser. Instead, they’re designed to be permanently stored on a user’s computer instead of a user’s browser. While they share some similarities with traditional browser cookies, they have notable differences in terms of technology, control, and storage.

Browser cookies are typically stored in the cookie folder of the browser cache. Users can view and manage these cookies through their browser preferences and settings. Flash cookies, on the other hand, are installed on the user’s device. These types of cookies remain on a user’s device even after all cookies have been deleted from their browser.

7. Zombie Cookies

Zombie cookies, also known as evercookies, are a type of persistent cookie designed to be highly resistant to deletion. Unlike regular cookies that users can delete through browser settings, zombie cookies work by persistently recreating themselves even after a user has attempted to remove them.

This persistence can make them challenging for users to eliminate and has raised privacy concerns thanks to their ability to track users across different sessions without clear consent.

Privacy Concerns Related to Internet Cookies

The convenience and personalisation internet cookies offer come hand in hand with growing privacy concerns from users and regulatory bodies. Understanding these privacy concerns and how cookies work is essential for site owners to stay in line with regulations around web cookies and user satisfaction.

1. Tracking And Profiling

Internet cookies, especially third-party cookies, are often used to track user browsing habits. These tracking cookies allow marketers and advertisers to create user profiles with detailed insights into individual online behaviour. While this data is mostly used for targeted advertising, it raises concerns about the extent of personal information being amassed without explicit user consent.

2. Invasive Targeting

Internet cookies allow for highly targeted advertising with content tailored to individual preferences. However, this personalisation can feel intrusive when users are inundated with targeted ads that seem to be a little too intuitive. This poses a challenge for advertisers: striking a balance between providing personalised content that increases conversions and maintaining user comfort.

3. User Consent and Transparency

Many users may not be fully aware of the types of cookies in use on websites they visit. Privacy regulations, such as the EU E-Privacy Directive, emphasise the importance of transparent communication about third-party cookie usage and the need for explicit user consent. Websites are required to provide clear information on the purpose of cookies and offer users the ability to block cookies.

4. Data Breach Concerns

The accumulation of vast amounts of user data through cookies makes websites potential targets for cyber threats. In the event of a data breach, sensitive information that cookies track and store, such as login credentials, credit card details and personal preferences stored in cookies, could be exposed.

This has led to the common fear that cookies steal passwords. It’s important for websites using cookies to have robust security measures in place to stop this from happening.

Data Protection Laws Related To Cookies

The user privacy concerns and security risks associated with internet cookies, especially third-party cookies, have led to laws and regulations being put in place to protect users. This includes the ePrivacy Directive, which was introduced in the European Union (EU) in 2001 and further amended in 2009.

As part of the directive, consent is required before advertisers can collect or store any personal data. This means website owners must inform users of the cookies they use and how they will be used, unless they’re essential cookies for the website to function properly.

Website owners also have to provide the option to block third-party cookies, and make the process as user-friendly and clearly accessible as possible.

Internet Cookie Regulations in Australia

Australia doesn’t have any specific regulatory guidance related to cookies. However, website owners using cookies must comply with the Australian Privacy Act of 1988 and the Privacy Legislation Amendment Act introduced in late 2022.

These Acts mean that websites need to obtain content from users if they’re collecting any personal information through cookies that involves sensitive personal information like data related to health, race, criminal record, or sexual orientation.

Even though it’s not strictly necessary for most websites in Australia to gain consent before collecting cookies, it’s generally considered best practice to have a cookie pop-up explaining the uses of cookies on the website and give users the option to either accept cookies or block cookies.

How to Manage Internet Cookies On Your Website

As a responsible website owner or site administrator, knowing how to manage cookies on your website is important for respecting user privacy and complying with any relevant data protection regulations. Implementing transparent and user-friendly practices around cookies will increase the trust users have in your website. Here[‘s how to manage first-party and third-party cookies effectively on your website:

1. The Importance Of A Clear Cookie Policy

Having a clear, easily accessible cookie policy is widely considered best practice for websites today and will ensure you’re in line with any privacy regulations. Trust and transparency go hand in hand, and your cookie policy should reflect this.

This policy should detail the types of cookies used, their purposes, and how users can control or opt out of cookie tracking. Your cookie policy should also be easy to find. Common places to link cookie policies are in the cookie consent pop-up and website footer.

2. Have A Responsive and Clear Consent Mechanism

You should obtain explicit consent from users before placing cookies. Use banners, pop-ups, or overlays to inform users of cookies and prompt them to make choices regarding cookie acceptance.

It’s also important to make sure your cookie consent mechanism is responsive across all devices and screen sizes – This will ensure a consistent and user-friendly experience for visitors accessing your website from different platforms.

3. Consider Granular Cookie Controls

If you want to provide users with as much agency as possible, you should consider offering users granular control of their cookie preferences. This allows them to choose which types of cookies they consent to.

This might mean they accept first-party cookies but decline third-party cookies or only accept temporary session cookies rather than persistent cookies. This empowers users to tailor their experience based on their privacy preferences when accepting cookies.

4. Know Third-Parties Well

If your website uses a third-party service that collects cookies or monitors users’ online activity, you should clearly communicate this to users in your Cookie Policy, ensure that these third parties adhere to privacy standards, and provide information on how users can manage their preferences for these cookies.

How Cookies Impact Website Performance

Cookies can have a significant impact on web performance – every time you make a request to a web server for an object, like an HTML file, a CSS file, or an image, the browser will send the cookie in the request to the server.

This can slow down your website – especially if your cookies are large. While the size of cookies is normally small, having multiple cookies and repeated requests have a cumulative effect on your website’s speed. This can, in turn, affect user experience and your search engine ranking – check out our article about why website speed affects SEO to learn more.

To strike a balance between user personalisation and optimised performance, you should carefully consider the types and quantity of cookies on your website.

Using Internet Cookies With Care

From seamless logins to better insights into online activity, internet cookies are a powerful tool that play a huge role in how we use modern web browsers and advertise online. However, as with any powerful tool, responsible and mindful usage is crucial.

Using internet cookies with care isn’t just best practice – it’s a commitment to responsible digital engagement. By respecting privacy and maintaining transparency, website owners can still provide a personalised experience and gather valuable data while still fostering trust.

  • Juliette Owen-Jones
  • View all posts by Juliette