Let's talk about cookies. Not the one that tastes good but the ones that taste like... science? You probably noticed them when you get a popup message that cookies are being used when you are browsing.
HTTP cookies are a pretty nifty invention allowing small data to be stored for later use as a text string.This data is stored on your browser for later use the next time that page is referenced. A great example of how cookies are used is storing session data for a social network. This allows the website not to ask you to log in the next time you go to the site or navigate to another page on the same site. You can store many things in a cookie like a user id's, settings (Like dark mode), items in your shopping cart, etc. The most controversial use case for cookies is used for tracking user activity.
Like we talked before there are many use cases for cookies. These are four classifications of the most common cookies in the wild:
Session Cookies: They are temporary cookies that are deleted when the browser is closed. They are used to power e-commerce shopping carts. These cookies are mostly harmless due to only being used for short-term memory.
Persistent Cookies: These cookies have an expiration date and when they reach that date they are deleted. If the browser is closed they won't get deleted. This cookie will return to the issuer of the cookie when you visit the site where it was created and or an ad that you clicked. When used with ads it's possible to track your activity through many websites posing a privacy risk. This is how Google and Facebook can tell what ads they will show you that are more relevant to you. They are also used for remembering to leave you logged in to any service.
First-party Cookies: They are used only on the site that you are visiting saving settings, sessions, etc.
Third-party Cookies: These are the ones we mentioned for ads. They are used across multiple sites to track users who click on an advertisement associating them with the referring domain.
Not all cookies are bad and blocking all cookies might limit some features on some websites that are necessary but that doesn't mean we can't be vigilant. You can go to your browser's security and privacy settings and set cookies to be as strict as you can without making it difficult to access the website's features. This varies from browser to browser and a quick google search will yield the results you need. You can also utilize incognito mode that starts a session with a clean slate. After you close the incognito session all cookies even persistent ones will be deleted. That also means that no sessions that you wanted to remember you allowing you to log in automatically won't work.
If you are a web developer you need to be aware of the privacy laws surrounding cookies. Like we mentioned before they can be used for tracking users without consent and it's against the law. Following these guidelines will help you be compliant:
- If your site is based on EU or targets EU citizens you must notify the user that cookies are being used and allow them to acknowledge it.
- If you have paid advertisement or the placement of affiliate ads on your site you need to disclose that information in an obvious way.
Following these guidelines will make sure that you are on the right side of the law. We aren't lawyers and are not providing legal advice. If you have any questions about the topic consult a lawyer before collecting any data.
Cookies are an important and integral part of the web. They provide critical functionality for some applications but can be a huge privacy issue. Educating yourself on its use cases and dealing with them will protect you on how best to use them and limit the risk involved with them.
Happy Coding! 🚀