First, we need to understand the word Web Cookies.
Whenever you open any website then it’s stored in your browser in text format. The text can be user ID, session ID or any other text.
Websites store cookies on your browser to keep track your web activities. Web Cookies were also called “Magic Cookies” when they were introduced by web browser programmer Lou Montulli.
How do web cookies work?
The most common method used by web servers to know whether the user is logged in or not, and which account they are logged in with. Without such a mechanism, the site would not know whether to send a page containing sensitive information or require the user to authenticate themselves by logging in.
The webpage can save their setting elements in term of cookie, so whenever you will open the same website in future, the browser can read the cookie and open the required website with the same cookie.
Example-
If you have opened Gmail account, then close your browser after your work has completed without log off. In future whenever you open the Gmail.com in the same browser, it will automatically read the cookies and show your account. There is no need to login the account again.
Types of Web Cookies-
1. Session cookie
A session cookie, also known as an in-memory cookie or transient cookie, exists only in temporary memory while the user navigates the website. Web browsers normally delete session cookies when the user closes the browser. Unlike other cookies, session cookies do not have an expiration date assigned to them, which is how the browser knows to treat them as session cookies.
2. Persistent cookie
Instead of expiring when the web browser is closed as session cookies do, a persistent cookie expires at a specific date or after a specific length of time. This means that, for the cookie’s entire lifespan (which can be as long or as short as its creators want), its information will be transmitted to the server every time the user visits the website that it belongs to, or every time the user views a resource belonging to that website from another website (such as an advertisement).
For this reason, persistent cookies are sometimes referred to as tracking cookies because they can be used by advertisers to record information about a user’s web browsing habits over an extended period of time. However, they are also used for “legitimate” reasons (such as keeping users logged into their accounts on websites, to avoid re-entering login credentials at every visit).
These cookies are however reset if the expiration time is reached or the user manually deletes the cookie.
3. Secure cookie
A secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS). They cannot be transmitted over unencrypted connections (i.e. HTTP). This makes the cookie less likely to be exposed to cookie theft via eavesdropping. A cookie is made secure by adding the Secure flag to the cookie.
4. HttpOnly cookie
An HttpOnly cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks. A cookie is given this characteristic by adding the HttpOnly flag to the cookie.
Is there any Security Concern?
Yes, we need to delete our cookies at the time to close our browser.
The security of an authentication cookie generally depends on the security of the issuing website and the user’s web browser, and on whether the cookie data is encrypted. Security vulnerabilities may allow a cookie’s data to be read by the cyber-criminal, used to gain access to user data, or used to gain access (with the user’s credentials) to the website to which the cookie belongs.
Cookies tracks your web surfing information to display advertising on the basis of your last visit to any website.
So, if you clear the cookies you will log out automatically from all websites which were saved in cookies.
Some of the sites are selling your cookies data to third parties for your online behavior.
