How Things Work: Internet cookies

Cookies, while seemingly nonsensical, contain important bits of information that websites can store on and retrieve from a user’s computer. (credit: Brian Lee/SciTech Editor)

As the Internet has evolved, it has also become increasingly personal. Shopping sites recognize users and remember their items in shopping carts; Flash games remember a player’s progress through the game; users’ settings and personalization on websites are maintained. In order for this to happen, websites make use of small information files known as cookies.

Cookies may sound like they have something to do with delicious baked goods, but in terms of the Internet, they are simply small text files that allow a website to store information related to the user of the computer. The term cookie comes from “magic cookie,” a UNIX term describing small packets of data sent between communicating programs. These files are contained on the user’s computer, usually in the web browser’s folder.

The information in a cookie is generally stored as attribute-value pairs, which means that each entry gives a named attribute its value. For example, if a website allows a user to change the color of the text to blue, the cookie may store the attribute as “text color,” and the value as “blue.” The text in a cookie is usually written in a sort of code; for example, saving a ZIP code as a user’s location on creates the following line in the website’s cookie: “WEAT CC=PA%5FPittsburgh%2DOakland&REGION=”. Information in this code is easily spotted due to its keywords.

According to, the web browser itself will look for cookies in the computer folder specified for storing cookies. The browser will then open the file that is requested from a certain website, if one exists. All attribute-value pair information is then sent to the website so the layout can be tailored to the person accessing it. If no cookie file exists, a new one will be created.

In addition, browsers regularly maintain cookies, according to Cookies also specify expiration dates. When these dates are reached, the browser will automatically delete the file from the computer.

Websites can also use cookies for statistical information, like tracking how many users visit the site, how many return, and which pages they visit. This is possible because websites can assign user IDs to computers, which are tracked using cookies. A counter in the cookie file can be set to increase every time the website is accessed by a computer with the same ID.

Cookies provide an easy way to customize and maintain the look of webpages to suit a user’s needs, and they expedite the services websites provide. However, many people believe cookies may be a threat to personal security, or that cookies may infect a computer with a virus. While it is true that cookies collect a user’s information, they are not programs that can be run on the computer, according to Therefore, they are not viruses or any other malicious programs that can read or erase information from a hard drive, and they will not cause pop-ups.

Surfing the Internet is made more convenient with cookies, and they are harmless information files, but there are still drawbacks. Cookies can be intercepted as they are being relayed from website to computer, in a process called hijacking. One such attack, dubbed the CookieMonster, was used to track authentication cookies sent from various sites. Authentication cookies may be able to give someone access to another user’s account. Considering that some websites under attack belonged to major banking companies, this hijacking can become a serious problem. Another cookie exploit is called Firesheep, and it allows people to log on to other users’ Facebook and Twitter accounts.

Another attack is called cookie poisoning, which is when an attacker changes values in a cookie before it is stored on a user’s computer. This can be used to change the amount paid in transactions without the user knowing. To counteract this, websites might store sensitive information on their servers while putting only a session ID in the cookie.
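
The countermeasure described above, shown as an added example that is not from the original article: a checkout that trusts a price stored in the cookie, next to one that keeps the cart on the server and puts only a random session ID in the cookie. The names PRICES, SESSIONS and the three functions are hypothetical, and the catalogue data is constructed.

```python
import secrets
from http.cookies import SimpleCookie

PRICES = {"book": 2500}   # constructed catalogue: price in cents, server-side only
SESSIONS = {}             # session ID -> cart, kept on the server


def checkout_trusting_cookie(cookie_header):
    """Weak design: the amount to charge is read back from the cookie."""
    cookie = SimpleCookie(cookie_header)
    return int(cookie["price"].value)   # whatever the client sent is charged


def add_to_cart(item):
    """Hardened design: keep the cart on the server, hand out a random ID."""
    sid = secrets.token_urlsafe(32)     # unguessable, carries no meaning
    SESSIONS[sid] = {"item": item}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True      # only sent over HTTPS
    cookie["sid"]["httponly"] = True    # not readable by page scripts
    return cookie                       # cookie.output() gives the Set-Cookie line


def checkout_with_session(cookie_header):
    """Charge the server's price for the cart the session ID points to."""
    cookie = SimpleCookie(cookie_header)
    if "sid" not in cookie:
        return None
    cart = SESSIONS.get(cookie["sid"].value)
    if cart is None:
        return None                     # unknown or made-up session ID
    return PRICES[cart["item"]]         # any "price" cookie is ignored


if __name__ == "__main__":
    print(checkout_trusting_cookie("price=1"))
    sid = add_to_cart("book")["sid"].value
    print(checkout_with_session(f"sid={sid}; price=1"))
    print(checkout_with_session("sid=not-a-real-session; price=1"))
```

In the second design, changing the cookie can at most point the request at a session that does not exist, which the server rejects.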

While people still debate whether the benefits of cookies outweigh the threats that they may pose, in the long run, cookies make the Internet more convenient and dynamic.