Wednesday, February 13, 2013

Umm, Them tasty Cookies


Overview

Cookies can provide you with essential information about your website's visitors, allowing you to make the best use of your advertising dollars. Recently however, some individuals and groups are questioning the ethical issues behind online cookies. Some argue that cookies are an infringement of privacy, others think that cookies will destroy your computer. On the other side of the battle, supporters of cookies claim that cookies are mutually beneficial between web users, and site administrators. In this post I'm going to briefly discuss a few point about cookies: what a cookie is, what a cookie isn't, different types of cookies, and reasons why you as a webmaster should be using cookies on your site.

What is a Cookie?

Cookies are simply text data sent from a website, then stored on your computer's hard drive. This text contains information about the profile of the web user, such as browsing history and click patterns.The data contained in the cookie can be put to a number of uses, from helping websites identify who its visitors are, to enabling the website to effectively select the right advertisements to put in front of its visitors. Cookies also improve the website visitor's experience by remembering user's preferences. There are also many more uses for these cookies.

Cookies are made up of text data with five variable-length fields: expiration date, domain, path, secure / not secure, and name. These fields all effect how the cookie is used. The expiration date dictates when the cookie will expire. If there is no expiration date, then the cookie will expire as soon as the visitor closes the browser. The domain field is simply the name of your website. The path field contains information about what site the visitor was on before they found your site. The secure / not secure field dictates when the cookie can be retrieved. I the field is "secure," then the cookie will only be accessed through a  secure server. If the field is blank, then there is no restriction as to when the cookie can be accessed. The name field is just the name of the cookie.

Cookies also have restrictions and limitations. For example, a cookie can't be larger than 4K, and each domain can only have 20 cookies. There are no limits however on the maximum amount of cookies a browser can support. However, RCF 2109 6.3 defines the minimum amount of cookies a browser can support to be 300.

What a Cookie isn't

Cookies are not malicious programs out to destroy computers, in fact, they're not programs at all. If a computer is infected with a virus, or has spyware on it, it is true that these can read the cookies on the hard drive, but cookies aren't the problem and they will not destroy your computer; malware is the problem that needs some attention.

First Party vs Third Party cookies

All cookies can fit into one of two groups: first party cookies, and third party cookies. First party cookies are given to the website visitor by the current website domain that he is visiting. A third party cookie is one that is given to a website visitor by a different domain than which he is currently visiting. Webmasters typically use these to track visitor’s traffic to other sites. There is also a case involving first party cookies, but the information from the user, instead of going back to the original domain, is sent to a third party for analytics. To the right I've included diagrams that explain all three of these scenarios.


Session vs Persistent Cookies

Not all cookies are saved on visitor's hard drive. Session cookies are saved in a visitor's browser until they are done with their session. Session cookies allow websites to recognize their visitors as they navigate through the various webpages on their site, but then once the session is ended, the cookie is discarded. E-commerce websites use these when tracking the items in your shopping cart. Persistent cookies however, are stored in a visitor's temporary folder on their hard drive. Webmasters can use this information to identify returning users to their website.

Why Should I Use Cookies?

 Below I've included a list of reasons you should be using cookies on your website.

  • To track shopping carts on your website
  • Using cookies is the best way to follow your traffic
  • Cookies can store user preferences, improving your visitor's experience
  • If you have multiple sites, you can track your traffic between the sites
Almost all major websites are using cookies, with the exception of Federal Websites (see M-03-22). Although there are many individuals and groups out there who are against the use of cookies (mainly third party cookies), cookies are almost a necessity for any company that heavily relies on their website.

Most information used in this post was found in the links below.