Cookies

What are Cookies?

Cookies are text files that websites place on visitors' computers to store a range of information, usually specific to that visitor - or rather the device they are using to view the site - like the browser or mobile phone.

They were created to overcome a limitation in web technology.  Web pages are 'stateless' - which means that they have no memory, and cannot easily pass information between each other.  So cookies provide a kind of memory for web pages.

Cookies allow you to log in on one page, then move around to other pages and stay logged in.  They allow you to set preferences for the display of a page, and for these to be remembered the next time you return to it.

Almost all websites use cookies in some way or another, and every page you visit in those sites writes cookies to your computer and receives them back from it.
For a more detailed explanation of what cookies are, including a searchable database of what cookies are set by different sites, take a look at Cookiepedia - the knowledge base that is all about cookies.

Types of Cookies

First Party Cookies

One of the key attributes of a cookie is its 'Host' - this is the domain name of the site that ultimately sets the cookie, and which therefore retrieves it on a subsequent visit.

If the host name is the same as the domain in the browser address bar when it is set or retrieved, then it is a First Party Cookie.

Third Party Cookies

If the host domain for a cookie is different to the one in the browser bar when it was downloaded, then it is a third party cookie.

These are typically used by advertising networks which display adverts in multiple sites.  Whenever you visit a site displaying that company's adverts, their cookies are set and retrieved from the browser.  In this way the advertiser can 'track' the websites visited by that browser - and by inference build up an understanding of what the person using the browser is interested in.

Session Cookies

Session Cookies are only stored temporarily in the browser's memory, and are destroyed when it is closed down, although they will survive navigating away from the website they came from.

If you have to login to a website every time you open your browser and visit it - then it is using a session cookie to store your login credentials.

Persistent Cookies

As the name suggests, this type of cookie is saved on your computer so that when you close it down and start it up again, it will still be there.  All persistent cookies do have an expiry date, and if that expiry date is reached, it will be destroyed by the computer.  If the expiry date is not set, or is in the past, then it is a session cookie.

However, there is no real limit on the expiry date - so it could be set to be 20 years in the future.  In addition, if you revisit the website that served up the cookie, it will automatically place an updated version on your computer - with a revised future expiry date.

If you log in to a website, then shut down your computer, start it up again, and go back to the website to find you are still logged in - then it is using a persistent cookie to remember you.

Persistent cookies are also used to track visitor behaviour as they move around a site, and this data is used to try and understand what people do and don't like about a site so it can be improved.  This practice is known as Web Analytics.  Since Google started providing its own analytics technology free of charge to website owners, almost all websites use some form of it - although there are also paid-for services available to rival Google's.

Analytics cookies are probably the most common form of persistent cookies in use today.

Secure Cookies

Secure cookies are only transmitted via HTTPS - which you will typically find in the checkout pages of online shopping sites.

This ensures that any data in the cookie will be encrypted as it passes between the website and the browser.

HTTPOnly Cookies

When a cookie has an HTTPOnly attribute set, the browser will prevent any client script in the page (like JavaScript) from accessing the contents of the cookie.

This protects it from cross-site-scripting (XSS) attacks, where a malicious script tries to send the content of a cookie to a third party website.
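As an added illustration (not code from this site), the Python sketch below labels Set-Cookie headers with the categories described above: first or third party, session or persistent, Secure and HTTPOnly. The hosts shop.example and ads.example, the cookie values and all function names are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names are lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def expiry_of(attrs, now):
    """Return the expiry as a datetime, or None when neither attribute is set."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        return now + timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"])
    return None

def classify(header, response_host, page_host, now):
    """Label one cookie using the categories described on this page."""
    name, attrs = parse_set_cookie(header)
    host = attrs.get("domain", response_host).lstrip(".").lower()
    page = page_host.lower()
    # Simplification: a Domain attribute also covers subdomains of that host.
    first_party = page == host or page.endswith("." + host)
    expiry = expiry_of(attrs, now)
    # The page's rule: no expiry date, or one in the past, means a session cookie.
    persistent = expiry is not None and expiry > now
    return {
        "name": name,
        "party": "first" if first_party else "third",
        "lifetime": "persistent" if persistent else "session",
        "days_left": (expiry - now).days if persistent else 0,
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
    }

# Constructed sample: (host that sent the response, Set-Cookie value), seen while on shop.example.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("shop.example", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("shop.example", "prefs=dark; Path=/; Max-Age=31536000"),
    ("ads.example", "trk=xyz; Domain=ads.example; Expires=Wed, 01 Jan 2042 00:00:00 GMT; Secure"),
]

def audit(sample=SAMPLE, page_host="shop.example", now=NOW):
    return [classify(header, host, page_host, now) for host, header in sample]
```

A login cookie reported with secure or httponly set to False is the case the Secure Cookies and HTTPOnly Cookies sections describe: it can travel unencrypted or be read by script in the page.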

Cookies used by this site

Google Analytics

Google Analytics uses cookies to collect anonymous site usage data. This is done by using the following first party cookies.

Name: __utma
Description: This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. In most cases, this cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.

Name: __utmb
Description: This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.

Name: __utmc
Description: This cookie is no longer used by the ga.js tracking code to determine session status. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session.

Name: __utmz
Description: This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.