What are Cookies?
The “What are cookies” question is one we are asked very frequently. More so now because they are in the news with recent update to privacy cookie laws and guidelines from the office of ICO for data protection and Freedom of Information. There are several types of cookies and the different cookie types are listed out below. All cookies are text files that websites place on visitors’ computers to store a range of information. The information is usually specific to that visitor – or rather the device they are using to view the site – like the browser or mobile phone. They were created to overcome a limitation in web technology in that web pages are ‘stateless’ – which means that they have no memory. Web pages cannot easily pass information between each other. So cookies provide a kind of memory for web pages. We have a cookie FAQ page for reference.
What are cookies and what do cookies do?
Types of Cookies
There are several types of cookies that are used on most websites today. Here is a list of the main types and a brief description of each type.
First Party Cookies - One of the key attributes of a cookie is its ‘Host’ – this is the domain name of the site that ultimately sets the cookie, and therefore is retrieved by on a subsequent visit. If the host name is the same as the domain in the browser address bar when it is set or retrieved, then it is a First Party Cookie.
Third Party Cookies - If the host domain for a cookie is different to the one in the browser bar when it was downloaded, then it is a third party cookie. These are typically used by advertising networks which display adverts in multiple sites. Whenever you visit a site displaying that company’s adverts, their cookies are set and retrieved from the browser. In this way the advertiser can ‘track’ the websites visited by that browser – and by inference build up an understanding of what the person using the browser is interested in.
Session Cookies - Session Cookies are only stored temporarily in the browser’s memory, and are deleted when it is closed down. However, they will survive navigating away from the website they came from. If you have to login to a website every time you open your browser and visit it – then it is using a session cookie to store your login credentials.
Persistent Cookies - As the name suggests, this type of cookie is saved on your computer so that when you close it down and start it up again, it is still be there. All persistent cookies do have an expiry date and if that expiry date is reached, it will be deleted by the computer. If the expiry date is not set, or is in the past, then it is a session cookie. However, there is no real limit on the expiry date – so it could be set to be 20 years in the future. In addition, if you revisit the website that served up the cookie, it will automatically place an updated version on your computer – with a revised future expiry date. If you login into a website, then shut down your computer, start it up again, and go back to the website to find you are still logged in – then it is using a persistent cookie to remember the visit from your computer or device
Analytics cookies - Analytics cookies are another type of persistent cookies and are probably the most common form of persistent cookies in use today. Persistent cookies are also used to track visitor behaviour as they move around a site, and this data is used to try and understand what people do and the pages they visit on a website, how long they stay on pages, etc. This forms the basis of Web Analytics and is widely used to measure and manage website performance. Since Google started providing its own analytics technology called Google Analytics free of charge to website owners, almost all websites use some form of analytics software – although there are also paid-for services available to rival Google Analytics.
Secure Cookies - Secure cookies are only transmitted via HTTPS – which you will typically find in the checkout pages of online shopping sites and online banking sites. This ensures that any data in the cookie will be encrypted as it passes between the website and the browser.