The Web server sends a message to the browser when the browser connects for the first time. The browser stores the message in a text file. The message is then sent back to the server each time the browser requests a page from the server.
This mechanism was developed by Netscape to make up for the stateless nature of the HTTP protocol. Normally, each time a browser requests the URL of a page from a Web server, the request is treated as a new interaction. This behaviour makes it difficult to “remember” the user’s actions over an extended period of time. Cookies solve this problem.
There are four kinds of cookies:
- Session cookies last only for the session. They are erased when the user closes the web browser
- Persistent cookies remain even after the session is closed. They are stored on a user’s hard drive until they expire (persistent cookies are set with expiration dates) or until the user deletes the cookie. Persistent cookies are used to collect identifying information about the user, such as Web surfing behaviour or user preferences for a specific Web site
- First-party cookies belong to the site where you chose to go
- Third-party cookies are fetched from a site whose content is retrieved indirectly, for example through an image tag
The majority of browsers support them (Internet Explorer, Mozilla Firefox, Netscape, Safari, etc.). However, users can set their browsers to decline cookies, or they can delete their cookies at will.
What are they used for?
The main purpose of cookies is to identify users and possibly prepare customized Web pages for them. For example, when a user enters a Web site using cookies, he may be asked to fill out a form providing such information as his name and interests. This information is packaged into a cookie and sent to his Web browser, which stores it for later use. The next time he goes to the same Web site, his browser will send the cookie to the Web server. The server can use this information to present custom Web pages. So, for example, instead of seeing just a generic welcome page he might see a welcome page with his name on it. Common uses of cookies by companies include online ordering systems, site personalisation and website tracking.
How are they built?
A command line in the HTML of a document tells the browser to set a cookie with a certain name and value, in the following form:
NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME;
The server can include other name and value pairs.
A browser is only required to store up to 300 cookies overall and maintain only the last 20 from each domain. The maximum size of a cookie is 4K of disk space.
The two current versions of the cookie specification are Version 0 and Version 1. Version 0 has the broadest level of support among browsers, but with Version 1 it is possible to create a list of key-value pairs as the values stored by the cookie.
Good Internet etiquette dictates destroying cookies as soon as they are no longer needed.
A cookie is just a plain text file. It isn’t an application or even a script, so it can’t read files from the hard drive or actively communicate with a Web server. Other servers cannot access cookies if they did not set them.
Use on EUROPA
It is important that EUROPA follows the Commission's guidelines on privacy and data protection and reassures users that cookies are not being used in any intrusive way.
- cookies can only be used without explicit permission if they are limited to the current session
- in the rare case where a cookie must be stored beyond the current session, explicit permission must be obtained, including an explanation of why it is necessary and the expiry period must not exceed one year. Furthermore the exact information which will be gathered must be listed and an assurance given that it will not be used for any purpose other than the one stated
- if refused, the cookie must not simply try again indefinitely, nor must access to the site be refused
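The following added example (not part of the original guidance or any EUROPA tooling) parses a cookie string in the `NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME;` form described above, classifies it as a session or persistent cookie, and checks it against the 4K size limit and the one-year expiry rule. The function names, the finding texts, the reading of "one year" as 366 days and the sample cookies are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_PAIR_BYTES = 4096               # "maximum size of a cookie is 4K"
MAX_LIFETIME = timedelta(days=366)  # assumption: "one year", leap year allowed
DATE_FORMATS = ("%d-%b-%Y %H:%M:%S GMT", "%d %b %Y %H:%M:%S GMT")

def parse_expires(text):
    """Parse an expires=DATE value; return an aware datetime or None."""
    text = text.split(",", 1)[-1].strip()  # drop the optional weekday
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def audit_cookie(cookie, now):
    """Return (name, kind, findings) for one NAME=VALUE; attr=...; string."""
    parts = [p.strip() for p in cookie.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty cookie string")
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    findings = []
    if len(parts[0].encode("utf-8")) > MAX_PAIR_BYTES:
        findings.append("name and value exceed 4K")
    if "expires" not in attrs:
        return name, "session", findings  # erased when the browser closes
    expires = parse_expires(attrs["expires"])
    if expires is None:
        return name, "persistent", findings + ["unparseable expiry date"]
    if expires <= now:
        return name, "deletion", findings  # past date: browser destroys it
    if expires - now > MAX_LIFETIME:
        findings.append("expiry period exceeds one year")
    findings.append("explicit permission required")
    return name, "persistent", findings

# Constructed sample data, not taken from any real site.
SAMPLE_NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)
SAMPLES = [
    "lang=en; path=/",
    "prefs=large; expires=Wed, 01-Jul-2026 00:00:00 GMT; path=/; domain=.example.org",
    "uid=abc123; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/",
    "old=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/",
]
```

Calling `audit_cookie(sample, SAMPLE_NOW)` for each entry in `SAMPLES` shows a session cookie with no findings, a persistent cookie that needs permission, one whose expiry exceeds a year, and a deletion.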