7 Types of Browser Cookies You Should Know?

Cookie notices have been ubiquitous since the GDPR came into force and since the European Union voted to provide a mandatory cookie warning in 2012. Cookies are basically pieces of code that websites save to a user's web browser when a session starts. But not all cookies are born equal. In fact, there are many different types of cookies out there. Some are good, some are bad. Here are 7 Types of Browser Cookies You Should Know.

1. Session Cookies

Imagine you're trying to shop on an e-commerce site, if you can't fill your cart until you're ready to check out. You have to remember all the items you want to buy while browsing the site. Without Session Cookies, that situation would become a reality.

It's easy to think of session cookies as a website's short-term memory. They let the site recognize you when you move from page to page within their domain. Without Session Cookies, you will be treated as a new visitor every time you click on a new internal link.

These types of cookies do not collect any information about your computer, and they do not contain personally identifiable information that can link sessions with specific users. Session Cookies are temporary, when you close your browser your computer will automatically delete them all.

2. First-Party Cookies

The next type of browser cookies are First_Party Cookies or commonly known as persistent cookies, permanent cookies, and stored cookies, First-Party Cookies are similar to the long-term memory of websites. They help sites to remember your information and settings the next time you visit them.

Without these cookies, the site will not be able to remember your preferences such as menu settings, themes, language selection, and internal bookmarks between sessions. With First-Party Cookies, you can make a choice on your first visit and it will be consistent until the cookies expire. Most persistent cookies expire after a year or two. If you do not visit the site within the expiration time, your browser will delete cookies or you can delete them manually.

First-Party Cookies also play an important role in user authentication. If you disable it, you will have to re-enter your login credentials every time you visit the page. On the downside, companies may use persistent cookies to track you. Unlike session cookies, they record information about your browsing habits while they are active.

3. Third-Party Cookies

Third-Party Cookies or third-party cookies are bad cookies. They are the reason that cookies have a bad reputation among internet users. In the case of First-Party Cookies, the domain of the cookie will match the domain of the site you are visiting. While Third-Party Cookies come from a different domain.

Because they do not originate from the site you are viewing, these third-party cookies do not provide the benefits of session cookies and First-Party Cookies that we have just described earlier. These Third-Party Cookies can perform tracking in various forms, cookies can learn about your browsing history, online behavior, demographics, shopping habits, and much more.

Because of their ability to track, Third-Party Cookies have become a favorite of ad networks in an effort to increase their sales and page views. Currently, most browsers provide an easy way to block Third-Party Cookies.

4. Secure Cookies

This type of Browser Cookies can only be used for HTTPS websites, i.e. cookies with encrypted data. As long as the “Secure” attribute of cookies is active, user agents will not send cookies over unencrypted channels. Without the secure flag, cookies are sent in clear text and can be intercepted by unauthorized third parties.

However, even with the secure flag, developers may not use cookies to store sensitive information. In practice, this flag only protects the confidentiality of cookies. Network attackers can override secure cookies from insecure connections. Especially if the site has HTTP and HTTPS versions.

5. HTTP-Only Cookies

Secure cookies are often HTTP-only cookies as well. The two flags work in tandem to help reduce the vulnerability of cookies to cross-site scripting (XSS) attacks. In an XSS attack, a cracker injects malicious code into a trusted website. Browsers can't be sure that scripts shouldn't be trusted. Therefore, scripts can access browser data about infected sites, including cookies. Secure cookies are not accessible by scripting languages (such as JavaScript), thereby protecting them against such attacks.

6. Flash Cookies

Flash Cookies are the most common type of supercookies. In case you weren't aware, supercookies perform many of the same functions as regular cookies, but they are more difficult to find and delete. In the case of Flash Cookies, the developer uses a Flash plugin to hide cookies from your browser's native cookie management tool.

7. Zombie Cookies

Zombie Cookies are closely related to Flash Cookies. Zombie Cookies can instantly regenerate themselves if someone deletes them. Recreation is possible thanks to backups stored outside of the browser's regular cookie storage folder, often as Flash Local Shared Objects or as HTML5 Web Storage. Reaction relies on Quantcast technology. Because Flash Cookies store unique user IDs in the Adobe Flash player cache bin, Quantcast may re-apply them to new HTTP cookies if old ones are deleted.