An Introduction to HTTP Cookies

Takeaway: The Internet cookie is one the most important Internet tools of our time, but it comes with a few key flaws.

When it comes to the Internet user experience, little things can often make the biggest difference. This is a concept that is exemplified by the development of the HTTP cookie. Often overlooked, the cookie is a file that stores information about each user's browsing history when they enter a website. The chief benefit of this tool is that websites can access these files, gain information about a user's previous history on the website and use that information to improve the user experience tremendously. Not only does this function allow users to automate the login process to emails and shopping carts, it also makes search queries more efficient and even helps websites properly target their advertisements.

While these capabilities are so common that they are often overlooked, many questions remain: How and why were cookies created? How exactly do they work? How is this information collected? What does this advancement mean for the future of the Internet? Read on to find out!

The Invention of the Cookie

The idea for the cookie dates back to 1996, when a young programmer, Lou Montulli, developed the idea as part of Netscape’s e-commerce shopping cart. The tool was designed to communicate with users computers in order to determine which ones had been to the site before.

At the time, servers had trouble matching requests with user browsers. By understanding which users were new and which had visited the site before, Netscape believed that it could deliver a tremendously improved user experience that was both more targeted and efficient. The file wouldn’t be anything fancy, just a text file written in code that would be constantly updated. The term "cookie" was adapted from the computer science term "magic cookie," which signifies a short packet of data that is exchanged between two communicating programs. It wasn’t long before Lou Montulli applied for a patent for the cookie technology. In 1998, he got one. Within just a few years, Microsoft Internet Explorer adopted the technology, effectively making cookies a staple feature of Internet exploring. (Read about more Internet pioneers in The History of the Internet.)

How Cookies Work

When a user visits a website that uses cookies, the website tells the browser to store this information with request rules for later use. The Web server accomplishes this by sending out an HTTP "Set Cookie" header. Web servers use commands with cookies in order to direct the amount of time that a cookie will be used as well as the domain on which it will be used. As the user continues to visit the site, it will request this information from the browser in order to identify users individually. This comes in handy for login sites such as email providers and merchants because it can streamline the login process as well as remember requests and tendencies that are often annoying for users when they have to be made repetitively. These cookies have no executable code and, most importantly, do not contain any viruses.

Almost two decades after the cookie was conceived, it has fundamentally reshaped Web surfing for both users and webmasters. For users, cookies not only help make viewing email and purchasing goods online easier, they have been used to simplify virtually all login processes, such as applying for jobs, filling out forms and making search engine queries, just to name a few. Websites have also improved the quality of their services tremendously. Cookies are now used to help websites provide targeted advertisements - a tremendous revenue source for millions of websites. Cookies have become a great asset not only to buyers, but to corporations as well because the information they provide makes the exchanges between these groups more pleasant for both parties.

Where the Cookie Crumbles

While the cookie has deeply impacted the way we browse websites, not everyone likes cookies. The main objection that has been raised about the use of the cookie is the implicit access to personal information they provide. The reason for these concerns stems from the fact that cookies often provide one point of identification for their users. Because cookies are exchanged over the Internet , if one is intercepted, it can then be duplicated and used to hijack user logins. This can create many issues for users who store sensitive data such as credit card information or Social Security numbers on websites.

Because cookies have the potential to store just about any information that is written in a form on a website, just about any information that is contained in the cookie has the potential to be compromised. For this reason, many have voiced concerns about the potential dangers to users if their personal and financial information gets into the wrong hands. These concerns have not been lost on the part of policymakers in several countries. Over the past few years, governments in both Britain and the United States have proposed bills to limit the use of cookies, or at least allow users to opt out of using them if they choose.

Realizing the utmost importance of user security, many companies have taken determined actions to protect user information. For instance, some Web servers have taken to sending cookies over Secure Socket Layer (SSL). The benefit of using SSL is that it encrypts the browser requests in order to secure the transmission over the Internet . This method has proved to be the most effective way to deal with the interception of cookies. (Learn more about online privacy issues in What You Should Know About Your Privacy Online.)

Other Web servers have also taken steps to revalidate users where sensitive personal information is concerned, such as passwords and credit card information. Sometimes these methods include having users re-enter passwords or enter security identification numbers for their cards. More broadly, adding unique information to user identification criteria, such as a user’s name or IP address, makes user differentiation much easier to verify and much harder to impersonate.

A Game-Changing Tool, but Security Concerns Persist

The creation of the cookie has vastly changed the way that we use the Internet. On the consumer side, it has made shopping online and logging information much easier and more efficient than ever before. On the supplier side, corporations are able to provide a more specific and useful user experience to their customers. That said, both users and websites must take measures to ensure that the information transmitted via cookies is secure. While privacy concerns will persist in the coming years, the invention of the Internet cookie remains one of the greatest Internet tools of our time.