Open in app

Sign in

Write

Sign in

HTTP Cookies: How Websites Track Our online Activities

Madushan perera
4 min readFeb 23, 2023

--

Have you ever noticed that after visiting a website, you keep seeing advertisements or suggestions for content linked to that website? Or have you ever logged into a website and observed that you remain logged in even after you’ve closed your browser? These are all instances of websites tracking your online behavior using HTTP cookies.

In this article, I’ll take a closer look at HTTP cookies to learn more about what they are, how they work, and what they’re used for.

When a user visits a website, a web server places a small text file on their computer known as an HTTP cookie, also called a web cookie. These cookies are used to track user behavior and preferences, provide personalized content, and enable various website features.

For example, online shopping websites utilize cookies to track a user’s shopping cart and their shopping behavior.

Cookie issuance process.

  1. The client sends a request to the server for a web page.
  2. The server responds to it and sends the cookie information to the Set-Cookie Header along with the web page. In addition, the cookie expiration period (Expires) and effective range (domain, path), value, expiry time, and some other information are supplied.
  3. When the Set-Cookie header is received by the user’s browser, the cookie is stored on the user’s device. (The website can then personalize the user’s experience or maintain the user’s login state by including the cookie in subsequent requests made by the browser to the website.)
  4. When the user makes further website requests, The browser will add the cookie in the request headers. This enables the website to identify the user and provide customized content or keep the user’s session state.
  5. A cookie is destroyed from the user’s device when it expires or is manually deleted by the user

Advantages of HTTP Cookies

Authentication

Cookies can be used to verify users’ identities and store their login information so they don’t have to enter it each time they visit a website.

Personalization

Cookies can be used to save user settings and preferences, including language and display preferences. This enhances customers’ overall user experience by enabling websites to offer them a customized experience depending on their preferences.

Management of user sessions

Cookies can be used to manage user sessions, enabling websites to monitor user behavior and retain session data like the contents of a user’s shopping cart or the pages they have viewed.

For online shopping carts

Items that a user has put in their shopping cart on an e-commerce website can be stored in cookies. This enables customers to keep shopping and come back to their cart later without losing their chosen products.

Login management

Users can transition between devices without having to log in again by using cookies, which can be used to manage user logins across several devices.

HTTP cookies are a valuable tool for both website owners and users, providing a variety of benefits that aid in improving the user experience, tracking user activity, and optimizing website speed. However, its use raises some security concerns as well.

Security issues of HTTP cookies

User impersonation

The key risk with unprotected cookies is user impersonation.

One possible scenario is where an attacker physically accesses a user’s device and then uses the cookies that have been saved to the device to impersonate the user on different websites. This can occur if the user does not have password protection or other security measures in place to protect their device.

Session hijacking

In session hijacking attacks, an attacker steals a user’s session ID or authentication token, which can allow them to impersonate the user and gain unauthorized access to sensitive information.

Information leakage

Cookies can also store sensitive information, such as login credentials or personal data, which can be accessed by an attacker if the cookie is stolen or compromised.

Cross-site scripting (XSS) attacks

Attackers can insert malicious code into a web page using XSS attacks, which can then be used to steal user cookie data. The attacker can assume the user’s identity or gain unauthorized access to confidential information if they have access to the cookie data.

Mind Map — HTTP cookies

Next>>> HTTP Headers

In the next article, I will be discussing HTTP headers.HTTP headers are also an important part of the HTTP protocol used for communication between web servers and web clients, such as browsers.

https://madushan-perera.medium.com/http-headers-extra-pieces-of-information-eb63b7063ab2

Follow me for more & Keep getting in touch with me!

--

--

Madushan perera

Written by Madushan perera

24 Followers

Cloud Security Enthusiast | Research Writer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams