What the heck are cookies and why do I have so many of them?

Mmmm cookies.  There’s nothing like a box of Pepperidge Farm cookies.  Chessman are my favorite.

No wait, I actually like Walkers Shortbread Fingers more.  They’re so delicate and buttery and just plain delicious.  But unfortunately today we’re not talking about those kinds of cookies.

I’m sure you’ve heard of computer cookies but maybe you never really understood what they do.  Today I’m going to show you how to answer the top three questions most people have about web cookies:

  • Why do we have browser cookies?
  • Can I catch a computer virus from cookies?
  • Can too many cookies slow down my computer?

I’ll also show you:

  • How to view all the cookies on your system
  • Exactly what a cookie looks like
  • How to block third-party cookies

That’s a lot of stuff so let’s get started!

Let’s start with a real world example:

When you sign-in to Amazon.com and add items to your shopping cart, you’re using cookies.  The server sent your browser a cookie the first time you created an Amazon.com account.  This is so it could remember your credentials and automatically sign you in the next time you loaded the site.  You also used a cookie when you added items to your cart.

Why cookies exist

A web cookie is just a text file that records stateful information pertaining to a particular web site.  Cookies provide a way for your web browser and the web server to communicate with each other.

Usually the cookie self-destructs after a specified period of time.  This is why if you login to Amazon.com but forget to logout you usually have to manually enter your login credentials (assuming a sufficent amount of time has elapsed).

But not all cookies are nice.

The bad, stale cookies are called Persistent Cookies, or Tracking Cookies, and they stay active for an indefinite period of time.  Sometimes advertisers will drop a cookie on your computer and set the Max-Age attribute to a year or more.  Since the browser automatically sends cookies to the server on each visit, advertisers can use this data to collect your browsing habits and send you targeted advertising.  This is also known as a Third-party cookie because the cookie is sent from a third-party rather than directly from the domain you visited.

For example, when you logged in to Amazon.com, your browser received a first-party cookie because it was sent directly from the domain name in the address bar: Amazon.com.  But let’s say the Amazon homepage contains an ad from a fictional ad network: ad.nosyadveretisingcompany.com.

When you visited Amazon.com, your browser also downloaded an ad from ad.nosyAdvertisingCompany.com too.  Now since ad.nosyAdvertisingCompany.com is a huge company they advertise on a bunch of big sites including Facebook.com.

When you login to Facebook and check your Wall you get another cookie from ad.nosyAdvertisingCompany.com.  So now nosyAdvertisingCompany has two cookies linked to you: one from Amazon.com and the other from Facebook.com.

This information gets sent up to nosyAdvertisingCompany.com’s servers and over the course of weeks and months the nefarious ad agency begins to chronicle your browser history.  This is a obviously an internet privacy problem because it allows the advertiser to surreptitiously create a profile of your browsing behavior by using data culled from multiple sites.  Some particularly pernicious ad agency sell your private data and even make a profit from it!

That’s pretty jacked up right?  Can’t they at least give you a kick-back from sales?

Nope.

So that’s what a cookie is.  Now we need to look at how safe they are.

Can I get viruses from cookies?

Cookies don’t contain viruses, malware, spyware or anything like that.

I repeat: you cannot get a virus from a cookie.

A cookie is just a text file with bits of text sprinkled inside about user preferences and session data.  A cookie is benign.  If you’ve every used an antivirus program to scan your computer and discovered cookies in the results, you might have concluded that cookies are virulent; however, that technically incorrect.

Most antivirus programs scan for many things in addition to viruses so tracking cookies often appear in the results because they’re invasive not because their virulent.

Also since cookies are simply text files with no executable code they can’t really do anything.  For example, pop-ups and pop-under ads can’t be caused by cookies but cookies could be used to track which ads popped on your screen.

That’s the difference.

Can too many cookies slow down my computer?

Well, yes and no.

Technically a surfeit of cookies would slow down your browser not the entire computer.  The more sites you visit the more cookies you’ll download and the more times you revist those sites the more cookies you’ll send back to the server.  As the list burgeons browser performance declines because the browser needs to parse a longer list of cookies to see which one to hand off to the server.

That’s why I’m going to show you how to clean up cookies in Chrome to improve performance.  It’s actually pretty easy – you just find them and click Remove.  I’ll show you.

First, let’s take a look at all the cookies on your system.

Each browser has its own way of dealing with cookies but today I’m just going to focus on Chrome.  Because I mean… Chrome rocks doesn’t it?

Looking at those cookies

Let’s get going:

Viewing cookies in Chrome

Open Chrome and type the following in the address bar:

chrome://settings/cookies

An empty Cookies and site data box should appear but after a few seconds you should see voluminous list of cookies.

By the way, if you click Remove all in the upper right corner of the browser you’ll zap all your cookies.  Yay!

Viewing Cookies in Chrome

By default, Chrome groups cookies by site.

If you click the cookie you can actually view the contents of the cookie.

For example, I clicked a cookie category for dell.com and can see I have a total of 10 cookies.  Let’s look at the first one named ASP.NET_SessionID.

Looking at locally stored cookie data in Chrome

You can see all the crumbling cookie goodness here:  For example I can see when the cookie was baked (created) and when it expires (always eat the box before the expiration date!)

Also notice the Content attribute contains an arbitrary string that looks like garbage text:

b2f31zhqup24si40sb410t2c

That’s because this is a specific kind of cookie known as a Session Cookie.

Basically, a web browser needs a way to answer this question:

I’m a web browser.  Now here’s my flummoxing question: how can I recognize a unique user browsing from page to page on the same website? How can I link together all those individual pages on the same domain and know that a specific user was browsing during that time?

Session Cookies solve the conundrum.

The problem is that web servers have no innate way of connecting multiple pages to a specific user session.

In other words, the server sees each page request from the same person as a new unique HTTP request so Session Cookies help browsers recognize that all those requests came from the same user.

Thanks to Session Cookies when I went to Dell’s website and started browsing from page to page it didn’t ask me to login on each page and update my cart on each page.  The session ID, that weird string next to the Content attribute in the cookie, connected all those HTTP requests to me.

So Session Cookies are good.

Also, notice in the screenshot that the Expires attribute is set to “When the browsing session ends”.  This means the cookie is set to kill itself when I close the browser.  This also explains why I lost the items in my cart after I revisited dell.com.

Wait, I’m still curious what’s inside that cookie

Good! You’re like me!

So this is the thing: Chrome stores the cookie files as SQLite file so you can’t just open the cookies in Notepad.

But I’ll show you how to get around that right now – check this out yo.

For Chrome, press the Windows logo key + r and paste in the following path.  Just make sure you replace vhudson with your computer username.

c:\Users\vhudson\AppData\Local\Google\Chrome\User Data\Default\

Where does Chrome store its cookie file?

All of your cookies are in the file aptly named Cookies.  It doesn’t have a file extension.

Chrome Cookie File

We need a SQLite database browser to view the cookies.

You can easily do this by visiting sqlitebrowser.org and downloading the Windows executable.

SQLite DB Browser

Just breeze through the installation and keep all the defaults.  I didn’t find any spyware or annoying offers to avoid.

Now when the SQLite application opens, click Open Database in the top bar and browse to:

c:\Users\vhudson\AppData\Local\Google\Chrome\User Data\Default\Cookies

Then just click the Browse Data tab to view the yummy goodness!

Browsing Chrome Cookies using SQLite

Oh! I almost forgot something: you can also view all the cookies directly in the browser, for a given site, using the Chrome Developer Tools.

Go to a site you visit often and press F12.

The Chrome Developer Tools pane slides into view from the bottom part of the browser.  You’ll see a lot of confounding HTML, CSS and Javascript crap in there but there’s no need to panic.

Using Chrome Developer Tools to view cookies

You see that horizontal bar that has the little magnifier glass with all those buttons across the top?

  • Elements
  • Network
  • Sources
  • Timeline
  • Profiles
  • Resources
  • Audits
  • Console

Just click Resources and then in the left pane expand the green database icon labeled Cookies.

And Bam! There are all your cookies for that domain.

If you right-click a row in the right pane you can delete the individual cookie or even all cookies from that domain.

Deleting cookies using Chrome developer tools

I exhort you to look at the different columns and explore the values here.  You’ll learn a lot from simple exploration!

Blocking third-party cookies in Chrome

Okay so the fun is almost over but I feel compelled to show you how to block third-party cookies in Chrome.

Your privacy is crucial and advertisers shouldn’t track your internet activities without your consent.

Type the following into the Chrome address bar:

chrome://settings/content

Blocking third-party cookies and site data in Chrome

Now put a check mark in Block third-party cookies and site data and click Done in the bottom right corner of the window.

The Bottom Line

In summary, we learned that cookies are just text files and are completely impotent when it comes to infecting your computer.  We explored why cookies exist and explained that having too many cookies can slow down your computer.  Then I showed you how to view (and remove) your cookies in Chrome using three ways:

  • chrome://settings/cookies
  • c:\Users\vhudson\AppData\Local\Google\Chrome\User Data\Default\ (using the SQLite DB view to view the Cookies DB)
  • Using the Resource tab in Developer Tools (F12)

Finally, I rounded off the post with a quick and painless way to block third-party cookies.


 

If you liked this post and want more stuff like this, consider joining my team.  In the right rail you’ll see a little sign-up box to become a member. Just drop your name and email in there and I’ll send you exclusive original content that I don’t see to non-members.

In the meantime, I’m curious what you think about cookies.

Did you learn anything new?  Did you discover lots of cookies on your computer? Share your thoughts in the comments below!

And as always, thank you for taking time out of your busy day to read my blog.  Cheers!

About

Connect with Vonnie on Twitter

Posted in Google Chrome, Internet Explorer 10, Internet Explorer 11, Internet Explorer 9, Mozilla Firefox, Opera, Safari, Web Browsers Tagged with: ,