HTTP cookie

Purpose

Cookies can contain any arbitrary information the server chooses and are used to maintain state between otherwise stateless HTTP transactions. Typically this is used to authenticate or identify a registered user of a web site without requiring them to sign in again every time they access that site. Other uses are maintaining a "shopping basket" of goods you have selected to purchase during a session at a site, site personalisation (presenting different pages to different users), and tracking a particular user's access to a site.

Opposition to cookies

Some people are opposed to cookies on the web, in a few cases inordinately so. Below are some of their reasons.

Identifying browsers

Perhaps the most fundamental objection is that cookies don't identify a person, but merely a web browser. For example, if I borrow your computer, a web site that I visit might think you were visiting. Conversely, if you install a new web browser or begin to use a new computer, a web site will almost certainly fail to recognize you.

Privacy and anonymity

Cookies also have some important implications with respect to a user's privacy and anonymity on the web. One way is that some companies monitor users' visits to disparate web sites for marketing purposes. For example, today you could visit a web page about collies, say. On that page, an image (from the monitoring company's webserver, which we'll call "the monitor") gives your browser a cookie, unknown to you. A few days later, you visit a web page about boats, and an image on that page, also from the monitor, lets it know that you're the same one who was interested in collies. Next week, you find a doorstop on the web and decide to purchase it online. The doorstep vendor's form also has an image from the monitor, which connects the dots. Soon, you're getting e-mail spam trying to sell you products related to collies and boats, even though you never told those websites who you were.