Cookies are a tool that web developers and designers can use to store data. If you want to do any client tracking or data retrieval, one of the best ways to do this is with persistent HTTP cookies.
What are cookies?
Cookies are, according to Netscape (archived copy):
"a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection."
But what does that mean? It's the way that web pages are sent from the server to the browser. Every time you create a new page, the server starts the page from scratch, losing all information that may have been gathered from a previous page. When you fill in a form, the server takes your entries and interprets them based on the CGI or script to present you with the next page. However, if you then need to go to a third page, the information gathered on the first page is lost to the server, unless it is saved in some fashion.
The most common method to save information is in hidden fields. These are passed to the server along with all the other form entries. But hidden fields require that you always stay within the CGI so that they aren't lost.
Cookies gave web developers the ability to save information from forms onto the client machine. Since the customer is filling out the form or buying the merchandise, storing the information provided on their machine seemed a like good solution. It is more secure than hidden fields, and it allows the customer to go anywhere on a website and not lose the information. In fact, they can even leave your site and come back and the information remains on their computer until it expires.
Some cookies are set once and then go away when the browser is turned off. The other type of cookie, the persistent cookie, is set once and remains on the hard drive until either the space for cookies is full (there is a limited amount) or the time stamp on the cookie expires.
Unjustified Fear of Cookies
There is a lot of fear on the Internet that cookies will damage your hard drive, copy your data or reveal your secret super hero identity. But this is not true. cookies are not dangerous. According to the Computer Incident Advisory Capability (CIAC)
"[the] vulnerability of systems to damage or snooping by using web browser cookies is essentially nonexistent."
In fact, the vulnerability is more in what information you give to the website, than what they can take. If you fill out a form on a website, and give them your name, address, and phone number, they could conceivably store that information in a cookie to retrieve the next time you came to that site. But this is very unlikely. They are more likely to give you a unique ID that is stored in a cookie, and relate that to a database entry with your name, address, and phone number.
In this case, the cookie isn't the problem, it's that you gave information to that website.
The easiest way to secure yourself against the supposed dangers of cookies is to get one of the latest browser versions and turn cookies off. Most modern browsers give you three options: accept all cookies, accept only cookies from the same server, or deny all cookies. Most browsers will aslo alert you when you are prompted for a cookie so that you can accept or decline it. But this can be problematic, as most websites load dozens of cookies the first time you visit.