A cookie is an information file that serves as an identifier and is stored on the computer of a user of a website. Cookies are often used to manage user preferences and the personalization of websites.
Due to the small amount of information contained in a cookie, it cannot (and should not) be used to reveal the identity of the user or personally identifiable information (PII).
Each time the user loads the website, the browser sends the cookie back to the server to notify it of the user’s previous activity. Cookies were designed to be a reliable mechanism for websites to remember the user’s status information (such as items added to the shopping cart in an online store) or, through web analytics, to record the user’s navigation (including clicks on particular buttons, their access to the system, or a record of which pages were visited in the past).
Cookies can also store passwords and content that a user has previously entered, such as a credit card number or an address.
Tracking cookies, and especially third-party cookies, are commonly used as ways to compile long-term records of users’ browsing histories. This is a potential privacy concern that prompted European and U.S. lawmakers to take action in 2011.
Other types of cookies perform essential functions on the modern web. Perhaps most importantly, authentication cookies are the most common method used by web servers to know whether or not the user is logged in and which account they are logged in to. Without such a mechanism, the site would not know where to send a page containing sensitive information or if the user is required to authenticate again.
The security of an authentication cookie generally depends on the security of the issuing website and the user’s web browser, as well as whether the data is encrypted. Security vulnerabilities can allow data in a cookie to be read by a hacker, who can use it to gain access to user data or to gain access (with the user’s credentials) to the web page to which the cookie belongs.