I have been a bit mystified for the last couple of years as to what cookies are exactly. I have heard the term passed around quite a bit, especially in the last 6 months, by friends, the news, and now in my Software Engineering program. Now, while studying Software Engineering, I have finally come face to face with crumbling the cookie when needing to set up a Rails web app that utilizes cookies.
What is a cookie?🍪
Let’s crumble this cookie [the non-eating kind that is] and get to the root ingredients of what a cookie is on the internet, and also what it means for you.
A cookie is more formally called an “HTTP Cookie” or “Browser Cookie”. This name is a shortened version of “magic cookie”, which is a term for the packet of data a computer receives, and sends back without changing or altering it. Essentially a cookie consists of information. When you visit a website, the website then sends the cookie to your computer and your computer happily stores it in a file located in your web browser. Let’s say it is now hanging out there in the browser.
There is a fun tool to explore what cookies are being stored in your browser. Google Chrome is equipped with an extension called “Edit This Cookie” 🍪, which allows you to see your saved cookies and rename them.
What does a cookie do?🍪
So, the cookie is storing your activity while online, right? Right! Its purpose is to help a website keep track of your visits and activity. The thought of this makes me a little leery, and makes me wonder why a website is allowed to keep track of my online activity. While, yes, it can be invasive, keeping track of data can actually be a very helpful thing. Without cookies, your shopping cart would reset to empty every time you clicked a new link on a website. Can you imagine how difficult it would be to do online shopping if that happened?
Other examples of cookies in action: a website may use them to record your login information or most recent visit, and this is quite useful so that your passwords can be stored on frequently visited websites.
Another kind of cookie: The Session Cookie. 🍪
There are a couple of different kinds of internet cookies.
Session cookies are another type of cookie, and they are used for shorter internet sessions. A session cookie is only used while a person is actively navigating a website, so once you leave the site, the session cookie disappears.
Persistent cookies track whether a user is logged in and then under what name. The law states these types of more permanent cookies must be deleted after 12 months.
Tracking cookies can be used for long-term records of multiple visits to the same site.
Zombie cookies are a type of cookie that is automatically recreated after a user has deleted it. This can be problematic because they are difficult to manage or detect. They are often used in online games to prevent users from cheating, but can be used to install virus-type software onto a user’s device.
The Cookie in Action.
As a programmer, how can you utilize this cookie?
As mentioned earlier, cookies are used to save a logged-in user on a site, so that they don’t get logged out on every page, and also to keep a shopper’s saved cart intact as they browse items on a website. These are perfect scenarios when a Developer will need to implement cookies into their programs.
Using cookies in Rails apps and what that looks like:
As seen below when implementing a cookie, it will have a name, a value, when it expires, and a domain.
In Rails, we have a superpower cookie that is more secure for cookie tracking, and this is called a session. As mentioned earlier, a session cookie will be persisted until the user exits the browser.
Here’s an example of implementing code for a ‘session’ with Ruby in a Rails app:
For the use of ‘session’, we can pass in the instance @user object we have created to represent our logged in User. Along with this, we need to create a sessions controller in our app/controllers and pass in our session data, and then read data in app/controllers/users_controller.
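An added example, not code from the original post and not Rails' own implementation: plain Ruby that builds a Set-Cookie header with the fields named above (name, value, expiry, domain) and signs the session value with an HMAC so that an altered cookie is rejected. The key, the cookie name `_app_session`, the domain `example.com` and all helper names are assumptions made for the illustration.

```ruby
require "openssl"
require "json"
require "time"

# Constructed demo key (assumption); a real app loads a long random secret.
SECRET = "constructed-demo-secret-not-for-production"

def sign(data)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Serialise the session hash as "<base64 JSON>--<HMAC-SHA256 hex>".
def encode_session(session)
  payload = [JSON.generate(session)].pack("m0")
  "#{payload}--#{sign(payload)}"
end

# Return the session hash, or nil when the value is malformed or altered.
def decode_session(cookie_value)
  payload, mac = cookie_value.to_s.split("--", 2)
  return nil if payload.nil? || mac.nil?
  return nil unless secure_equal?(mac, sign(payload))
  JSON.parse(payload.unpack1("m0"))
end

# Build a Set-Cookie header value. With no expires: the browser keeps the
# cookie only until it closes (a session cookie).
def set_cookie_header(name, value, domain:, expires: nil)
  parts = ["#{name}=#{value}", "Domain=#{domain}", "Path=/"]
  parts << "Expires=#{expires.httpdate}" if expires
  # Secure: sent over HTTPS only. HttpOnly: hidden from page JavaScript.
  parts += ["Secure", "HttpOnly", "SameSite=Lax"]
  parts.join("; ")
end

cookie = encode_session({ "user_id" => 42 })   # constructed sample session
puts set_cookie_header("_app_session", cookie, domain: "example.com")
p decode_session(cookie)                        # the original hash comes back
p decode_session(cookie.sub(/\A./, "X"))        # nil: altered value is rejected
```

The signature stops a cookie from being modified, not from being read or reused if it is stolen, which is why the header also sets the Secure and HttpOnly attributes.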
The Controversy of the Cookie.
It seems cookies themselves aren’t harmful, but the danger is in their ability to track individuals’ browsing histories. Users’ cookies can be vulnerable to cyberattacks in which cookies are hijacked and someone else gains access to your browsing session.
Of course, businesses can also take advantage of the knowledge that cookies provide about their User, and push notifications to sell you their products, which all can be quite invasive. Know your cookie rights, and pay attention when websites ask for your permission to save your information.