Unfortunately, they are not. HTTP cookies function more like locker-rental tokens than crunchy, delicious treats. When you rent a locker over a counter, the counter staff usually passes you a token with information on it (such as the locker’s unique identification number or code). At the end of the rental period, you pass the token back to the counter staff who will be able to read information from the token to open the correct locker to return your items to you.
What HTTP cookies are, is a collection of small files of information that a web server generates and passes to your web browser through a header, which will store them on your device. Different types of cookies store different information for specific purposes. For example, a web browser may issue a cookie to your browser storing information identifying your account after you have logged into an e-commerce site. Through the cookie, when you browse the site, the server is able to identify that it is your account that is currently active on the site.
While there are many different types of HTTP cookies, there are a number of important cookies that you should be familiar with:
A session cookie, as the name implies, tracks a user's session to let the web server know that the user is still actively browsing the site. Browsers normally delete session cookies when the browser window is closed. Session cookies do not contain an expiration date; this is how browsers know that they can be safely deleted when the browser window is closed (i.e. the session has ended).
Persistent cookies, as the name implies, persists on the device and are not deleted when the browser window is closed. These cookies remain on the device for a predetermined length of time and therefore comes with an expiration date. Persistent cookies can be either first-party or third-party cookies.
First-party cookies are cookies that are issued by the web server of the website that you are visiting. Persistent first-party cookies can improve your website experience by keeping you logged in so that you do not have to re-enter your credentials again after closing the browser window.
Third-party cookies are cookies that are not issued by the web server of the website that you are visiting. A very common third-party cookie is the tracking cookie, which are often used by organizations to record details about a user’s browser activity over a period of time, such as actions on a site, browsing history, purchases, IP address, and geographical location.
Tracking cookies are considered a breach of user privacy as they are often placed to collect information about the user without the user’s explicit consent. Most internet users are often unaware of the presence of tracking cookies that are recording details about their browsing activity. What many browsers now offer is the option of automatically blocking third-party cookies to better protect user privacy.
Secure cookies are cookies that must be transmitted by the HTTPS protocol and cannot be transmitted via unencrypted HTTP. This way, cookie information is less likely to be stolen as it is transmitted between the browser and the web server. A cookie is turned into a secure cookie by adding the “secure” flag to it.
Zombie cookies are like the undead. No matter how you delete or “kill” them, they are automatically recreated. Such cookies are typically stored in various different locations on the device so that the cookie is destroyed, it is recreated from these copies. An example of such a cookie is the wildcard cookie.
HTTP is a protocol used to connect to web servers by web browsers to request content to view. This is also used to transfer larger files, and is often used for software updates.
HTTP Headers are used to relay information between a server and a client (i.e. responses from a server will contain these "headers").