Welcome to the internet, where a delicious snack can also be a vital piece of website “infrastructure” and functionality. Yes today, as by the title, we are talking about website cookies. We are examining what cookies are in the website space, why they’re used and important, and even how they can be dangerous. Let’s get started.
Cookies are actually mini text files that your browser stores. They store data that is often repeated or otherwise inconvenient for a user to repeat. This does not mean that the data being stored is not important. For example, probably the most common use of a cookie is to store website login information. They have many uses though, and also are seen with website preferences or shopping cart data.
Cookies are great for users. Many of us do not remember our passwords for every login that we use and so we rely on a cookie to log us into the sites we regularly visit. By the way, switch to something like a Keepass for this as soon as possible, more on that later!
Cookies also hold other convenient data. Have you ever closed a browser window where you were putting together a cart, and then when you opened it the next day, the cart remained? That’s so helpful! Some people have lots of cookies for different sites and some sites have more than one cookie that they use for different data. These are great but there are also drawbacks to them.
Here is something that is very important. The next time you want to save your login to a site, think about this. Session hijacking, aka cookie hijacking, is when a threat actor steals the cookie used between a client and server.
This is accomplished through a variety of methods, but a common one would include something like a man in the middle attack or through a packet sniffer to obtain the packet containing the cookie. If this occurred, it is possible that all data stored in that cookie, including login information, could be compromised. That is a high risk!
Cookies are incredibly useful tools for keeping monotonous data from being repeated every time we visit our favorite sites. Next time you are asked if you want to enable cookies on a website, view the company’s policy and see what data they store. You may be surprised.