What is a cookie, and what are they used for?

Ezinne Anne😎👩🏿‍💻 on December 26, 2022

If you are reading this, you are probably wondering what a cookie is. First, this cookie is not edible. It is a programming word, and it was derive...
 
cubiclesocial

Two things not addressed in the article:

  1. Web browsers have limits on the size and total number of cookies. They are not a panacea for storing vast amounts of information and, once set, are sent with every web request to a server (even for static assets like JS and CSS files). Typically the limit is around 4-8KB of data before the browser refuses to set new cookies. That can and does cause all kinds of problems in the application that expects cookie setting to work normally.

  2. Deleting all cookies and localStorage entries is not really desirable for most users mostly because it requires digging around in the web browser settings dialog and then the user has to re-login to the websites they want to use. I've guided users through the process and it takes some hand holding to get them to the right place and delete just the cookies that need to be deleted (rather than blanket deletion of everything). It is better if tracking cookies are never set in the first place by blocking the requests to known advertising and stats servers. Extensions like uBlock Origin (ad blocker) and Ghostery (general tracker blocker which happens to block some ads too) stop originating requests without being too onerous and stopping first-party cookies from working as intended. Can someone still be tracked? Perhaps. But it is a lot harder when Google Analytics, other common analytics tools, and ad server contact attempts are being refused at the source. Ghostery even recently added automatic cookie policy dialog handling to their extension.

I see some people in the comments were tricked into viewing this Dev.to post by clicking on the header. Devs are generally more resilient than regular users. So on a related note to that aspect of this post, one of the most devious bits of advertising I run into is a site like getpaint.net whose purpose is to distribute a specific piece of software (Paint.net). If you visit getpaint.net without an ad blocker, the site will show ads that will almost certainly trick the user into starting a download of malware with a big green "Download now" button. The real download location is accessed via a simple hyperlink. I'm sure that displaying ads brings in some revenue for the author of that fairly popular software product but the method of getting a few bucks for showing some ads is being usurped by "drive by malware" authors. When providing a binary download intended to be run by the user, the number of ads delivered by a general-purpose ad platform should be ZERO. As in, no ads anywhere that could be used by bad actors to deploy malware.
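The cookie size limit and per-request cost raised in point 1 of the comment above, as an added example that is not part of the thread: it replays constructed `Set-Cookie` lines, refuses any cookie over an assumed per-cookie cap, and totals the `Cookie` header that would ride along with every request. The 4096-byte cap, the 8192-byte budget and the function names are assumptions for illustration.

```javascript
// Added example (not from the thread). Thresholds are assumptions, not values
// measured on a particular browser.
const PER_COOKIE_LIMIT = 4096; // assumed cap on name + value, in bytes
const HEADER_BUDGET = 8192;    // upper end of the 4-8KB range quoted above

const byteLen = (s) => new TextEncoder().encode(s).length;

// Split one Set-Cookie header value into its name/value pair and attributes.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no usable name, skip it
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Simulate which cookies are kept and how large the Cookie request header gets.
// Simplification: the jar is keyed by name only (real jars also key on domain and path).
function auditCookies(setCookieLines, requestsPerPage = 1) {
  const jar = new Map();
  const rejected = [];
  for (const line of setCookieLines) {
    const c = parseSetCookie(line);
    if (!c) continue;
    const size = byteLen(c.name) + byteLen(c.value);
    if (size > PER_COOKIE_LIMIT) {
      rejected.push({ name: c.name, size }); // treated as refused, as the comment describes
      continue;
    }
    jar.set(c.name, c.value);
  }
  const header = [...jar].map(([n, v]) => `${n}=${v}`).join('; ');
  const headerBytes = byteLen(header);
  return {
    rejected,
    headerBytes,
    bytesPerPage: headerBytes * requestsPerPage, // repeated on every request
    overBudget: headerBytes > HEADER_BUDGET,
  };
}

// Constructed sample responses: a session id, a large preferences blob, an oversized cart.
const SAMPLE = [
  'sid=abc123; Path=/; HttpOnly; Secure',
  `prefs=${'x'.repeat(3000)}; Path=/`,
  `cart=${'y'.repeat(5000)}; Path=/`,
];
console.log(auditCookies(SAMPLE, 30));
```

With 30 requests per page, the 3 KB preferences cookie alone adds roughly 90 KB of upload per page view, which is the cost of sending cookies with static assets.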

Ezinne Anne😎👩🏿‍💻

This is great, maybe you can write on it and add the info.

Kim Hallberg

Seems I wasn’t the only one tricked by the feature image, good one. Clicked that multiple times wondering why it wouldn’t go away. 😂

Ezinne Anne😎👩🏿‍💻

😂🌚

NEKIO 💙

I hate you, I clicked it

Ezinne Anne😎👩🏿‍💻

Oops sorry

Divine Orji

Very nice and concise! Thanks for explaining this

Ezinne Anne😎👩🏿‍💻

Thank you for reading

Dhruv Joshi

Nice!

sunriseonuoha

apt..

Ezinne Anne😎👩🏿‍💻

Thank you

Suharxxxx

nice

Kayode

I got tricked :)
The featured image tricked me into clicking "Got it".

Nice article btw! Thanks for sharing.

Ezinne Anne😎👩🏿‍💻

Thank you

Mohammad Altaf Bazaz

I have integrated AWS Cognito Identity JS into a custom UI with all sign in / forgot password / sign out functionality. But now I want to log in to the dashboard by logging in from a different domain and not from the domain where my website is hosted. I am using AWS Cognito, but because of limited resources I am not able to find a feasible solution. In my domain where I have hosted my website, I am able to log in by setting all tokens in local storage, and if there is any object in local storage I am navigating my user to the dashboard. My dashboard is a protected route.

Moazam Ali

I also got tricked, and clicked "got it" 😂

Michael Hungbo

🀣

Moazam Ali

Thanks for the knowledge, but I have a question.

Can we restrict websites from creating cookies of our data by using the Brave browser instead of the Chrome browser?