What is Cookie Technology?

The cookie technology relates to the use of HTTP cookies or web cookies, as they are called, by the websites. A cookie is a piece of text that is sent by a server to a web client, and returned by the client, each time it uses that server. Usually a cookie is a text message that is less than 255 characters long. The cookie technology is used for authentication of the website users, session tracking as also for maintaining certain information about the users.

Why is Cookie Technology Used?

Cookies serve as the means to identify a particular user. Once a user logs in to a website, a cookie can be made to associate with the user's login information. For the subsequent visits by that user to the same website, the cookie can let know the website that the user is authenticated. Thus, the user is saved from the monotonous tasks of filling in the login information each time he visits the website.

The second purpose of using the cookie technology is to differentiate between website users. The information pertaining to the user and his preferences can be held in the cookies. This makes it possible for the websites to provide personalization to the users. Based on the preferences of a particular user, websites can bring about a personalization in the presentation of the website and also its functionality. Many websites offer the authenticated users with a facility to customize the web pages and obtain a personalized look and feel in the website.

How does the Cookie Technology Work?

1. The transfer of web pages between a server and a browser happens by means of the Hypertext Transfer Protocol (HTTP). When a user types in a URL in the address bar of a browser, the browser takes it and sends a request to the server, asking for the web page that was specified by the user.
2. Next, the server sends the page requested by the browser, in the form of an HTTP response. The response is sent as a packet of text that may contain a statement asking the browser to store cookies. This is done by means of a statement, "set-cookie: name =value". The browser is asked to store the value-string in 'name' and return it to the server during any of the further requests made to it.
3. During any subsequent request made to the same server, even while requesting a different web page from that server, the browser sends back the cookie value to server. The server identifies this information and fulfills the request, without having the user to perform the authentication process again.

Advantages of the Cookie Technology

• By means of cookies, websites can track number of users visiting it. A website maintains user information in its database. It can implement a mechanism of counting the visits of users, frequency with which a particular user visits a website, noting the users' preferences and storing this information in the website database.
• Some websites allow their users to change the layout and content of the website to bring about a personalized view of the site. The cookie technology has made this possible.
• The technology is also useful for the advertisers to track the on-site behavior of users. While keeping the personal information of a visitor, confidential, cookies help the advertisers know the web surfing habits of the visitors. Advertisers can promote certain products to certain users based on the information they gather from cookies.
• The very popular e-commerce websites harness this technology to implement shopping carts. When a user selects an item, the item is stored in the site's database. When the user checks out, the website bears the information about the items he/she has shopped. This makes it possible for the shopping website to know user's preferences in shopping. The online shopping mechanism would have been difficult without the use of cookie technology.

Disadvantages of the Cookie Technology

• Cookie poisoning is defined as the act of manipulating the contents in the cookie before they are sent to the server. Changing the information contained in the cookies can misguide the websites and advertisers. In case a cookie contains a transaction information, an attacker can change the value in the cookie causing losses on part of the user or the e-commerce website, involved in the transaction. A site has an independent set of cookies. Another site should not be able to manipulate its cookies. The cookie technology is vulnerable to this difficulty in case of some browsers.
• Cookies may generate an inconsistent state between the state of the client and that stored in the cookie. In cases where an operation is undone by clicking on a Back button, or when a page is reloaded, the state stored in the cookie should reflect the corresponding change. The cookie technology lacks the ability to distinguish between two users who use the same user account. Cookies do not distinguish one user from another. They can distinctly identify only the combination of a user account, a browser and a computer.
• The cookie technology is vulnerable to cookie hijacking. Cookie hijacking refers to the interception of the information on the cookies by a malicious user. When cookies are sent over the network in unencrypted HTTP sessions, there exists a potential risk that the information on the cookies can be stolen.

Modern technology has found solutions to many of these disadvantages. The cookie technology is criticized for the potential problems it can face but cookies remain being the easiest and one of the few ways to enable online shopping and e-commerce activities. Despite the criticism and competition, this technology is widely used till date.