Since the EU (European Union) voted to force websites to display cookie warnings in 2012, browser-based small files have never been more talked about. But not all cookies are created equal. In fact, there are many different types of cookies out there. Some are good, and others not so much. Let's take a closer look at each of the 7 types of browser cookies.
What are browser cookies?
7 Types of browser cookies
1. Session Cookies
Imagine trying to shop on Amazon if you can't fill your cart until you're ready to actually make the purchase? You would have to constantly remember all the items you want to buy while browsing the site. Without session cookies, this situation would be a reality.
It's easier to think of session cookies as a website's short-term memory. They allow websites to recognize you as you move from page to page within their domain. Without session cookies, you would be treated as a new visitor every time you click on a new internal link.
They do not collect information about your computer, and they do not contain personally identifiable information that could link a session to a specific user.
Session cookies are temporary; when you close the browser, the computer will delete all of them automatically.
2. First-party cookies
Also known as persistent cookies, persistent cookies and stored cookies, first-party cookies are similar to the long-term memory of a website. They help websites remember your information and settings when you revisit a page in the future.
Without these cookies, websites would not be able to remember your preferences such as menu settings, themes, language selection and built-in bookmarks between sessions. With first-party cookies, you can make these selections on your first visit, and they will be consistent until the cookie expires.
Most persistent cookies expire after one or two years. If you do not visit the website within the expiration date, your browser will delete the cookie. You can also remove them manually.
First-party cookies also play an important role in user authentication. If you were to disable them, you would need to re-enter your login credentials every time you visit a page.
On the downside, companies may use persistent cookies to track you. Unlike session cookies, they record information about your browsing habits for the entire time they are active.
3. Third Party Cookies
Third-party cookies are bad cookies. They are the reason why cookies have such a bad reputation among Internet users.
Let's remember first-party cookies: In their case, the domain of a cookie will correspond to the domain of the website you are visiting. A third-party cookie originates from a different domain.
Because it's not coming from the site you're visiting, a third-party cookie doesn't provide any of the benefits of session cookies and first-party cookies we've just seen.
Instead, it has a single focus: tracking you. Tracing can take many forms; Cookies can learn about your browsing history, online behavior, demographic information, consumption habits, among other things.
Due to their ability to track, third-party cookies have become a favorite of ad networks, in a bid to increase their sales and page views.
Today, most browsers offer a straightforward way to block third-party cookies. It is highly recommended that you perform the necessary steps in the browser of your choice.
If you are using Google Chrome, go to menu (three dots in the upper right corner) > Settings > Advanced > Privacy and security > Content settings > Cookies > Block third-party cookies.
4. Secure Cookies
The three types of cookies we've covered so far are the best known and most common. But there are a few others that you need to be aware of.
The first is the secure cookie. It can only be transmitted over an encrypted connection. Typically this means that on this site's domain, instead of http:// it will be https://. Also, next to the domain one, you will see a padlock, symbolizing the secure connection. As you can see, Techlifers is https://.
As long as the "Secure" attribute of the cookie is active, the user agent will not transmit it over an unencrypted channel. Without the security flag, the cookie is sent in clear text and can be intercepted by unauthorized third parties.
However, even with the security flag, developers should not use a cookie to store sensitive information. In practice, the flag only protects the confidentiality of a cookie. A network attacker could overwrite secure cookies from an insecure connection. This is especially true if a website has both an http and an https version.
5. http-only cookies
Secure cookies are also often http-only cookies. The two flags work together to help reduce a cookie's vulnerability to a cross-site scripting (XSS) attack.
In an XSS attack, a hacker injects malicious code into trusted websites. The browser cannot tell the script to be untrusted. Therefore, the script can access browser data about the infected website, including cookies.
A secure cookie cannot be accessed by scripting languages (such as JavaScript), protecting you against such attacks.
6. Cookies Flash
A Flash cookie is the most common type of supercookie. A supercookie performs many of the same functions as a regular cookie, but they are more difficult to find and delete.
In the case of Flash cookies, developers use the Flash plugin to hide cookies from your browser's native cookie management tools.
Flash cookies are available for all browsers (so using a credit card in your browser or to download torrents would have negligible security benefits). They can store 100KB of data, as opposed to 4KBb of http cookies.
7. Zombie Cookie
A zombie cookie is closely linked to a Flash cookie. The zombie cookie can instantly recreate itself if someone deletes it. Re-creation is possible thanks to backups stored outside the browser's regular cookie storage folder - usually as a Flash local shared object, or as HTML5 web storage.
The recreation relies on Quantcast technology. As the Flash cookie stores a unique user ID in the Adobe Flash Player storage box, Quantcast may reapply it to a new http cookie if the old one is removed.
