A system invented by Netscape
to allow a web server
to send a web browser
a packet of information that will be sent back by the browser each time it accesses the same server. Cookies can contain any arbitrary information the server chooses to put in them and are used to maintain state
between HTTP transactions
, which are otherwise stateless. Typically this is used to authenticate or identify a registered user of a website
without requiring them to sign in again every time they access it. Other uses are, e.g. maintaining a "shopping basket" of goods you have selected to purchase during a session at a site, site personalisation (presenting different pages to different users) or tracking which pages a user has visited on a site, e.g. for marketing purposes.
The browser limits the size of each cookie and the number each server can store. This prevents a malicious site consuming lots of disk space. The only information that cookies can return to the server is what that same server previously sent out. The main privacy concern is that, by default, you do not know when a site has sent or received a cookie so you are not necessarily aware that it has identified you as a returning user, though most reputable sites make this obvious by displaying your user name on the page.
After using a shared login, e.g. in an Internet cafe
, you should remove all cookies to prevent the browser identifying the next user as you if they happen to visit the same sites.
Cookie Central (http://cookiecentral.com/c_concept.htm).