A cookie is a tiny bits of data store in a web browser by publisher (web owner) to identify the user of website in order to communicate with web browser (the user) and to track user’s behavior and activities every time on the same website. When a user visit or logon a website, a session between user and website starts and a session ID is created and only for that session. A Cookie stores information about user’s interaction with a website. Website owners may track users by inserting a cookie into user’s web browser so that whenever user uses the same web browser in which the cookie is stored, then website owner (web server) will recognize him again. E commerce website owners use this to recognize their old customers or track customer’s journey on their website or identify customers for particular offer and service.
There are three types of cookies namely Session cookie, Persistence cookie and Secure cookie. Session cookie is required to keep user logged on and identifiable. When session is started and session ID will generate and store in the browser, so even though user close the web page or browser without logging out; it won’t log out if user reopen the same page or website again. User must log out for the session to destroy and once destroy session ID will no longer be valid. Persistence cookies remain remain on user’s browser for a very long time because they are store in website’s database as well in order to use them as for long time relationship (tracking – track user’s relationship and service or communication purpose – sending specific advertisement on user’s browser). Though both session and persistence cookie has expiry time and date; session cookie is used for holding on logged on accounts so expiration timing should play between 15 minutes and 2 hours or less, however, persistence cookie may stay valid for usually up to one year even it may stay forever unless user clears cookie from web browser. Secure cookie is a cookie placed in web browser only by HTTPS websites. Most banking and e-commerce websites place only secure cookie with encrypted data in order to facilitate secure transactions.
The Security Concerns With Cookies in Web Browser:
Cookies are generated and stored in web browsers for holding confidential data unless they are destroy by logging accounts from the web browser or remove these cookies from web browser. Cookies created into web browser is only for user’s browser but the problem is that if anyone manages to steal these cookies (the Session ID) then the stealer of these cookies may or surely compromise user’s accounts and reveal confidential and sensitive information. Information that cookie stealers can get may include: Logged on user accounts like email, social media, online banking and more.
How Cookies are Stolen?
Cookie attackers are common just because of financial related information are hacked easily through the use and help of cookies hacking tool and other information stored in a web browser can be hacked.
Cookie does not help users to good experiences and use websites conveniently but it also helps website owners to keep good and identifiable and traceable relationship with their users / customers. For security reason, if anyone understands what is cookie and it also important to understand how protect own browser against cookie stealing and other common attacks on web browser.