A cookie is a record that is stored by a web server on the user's hard drive. The file received is a combination of characters consisting of numbers and letters, which assigns a certain identity to the user (client). They may not exceed a maximum size of 4 KB and contain, for example, information about the duration of the visit or what the user clicked on. When the customer or user returns to the website later, the cookie information is sent back to the server. The aim is to recognize the user and their settings.

How does it work?[edit]

There are two possibilities for how cookies can function on a website:

  • A cookie can be transmitted via the header for requests and responses via HTTP. Cookies are created in the client when an additional cookie line with the HTTP headers is transferred when a website is accessed.
  • A cookie can be generated locally by JavaScript, Java or a similar scripting language and thus transferred. The respective script is always located in the website which is transmitted by the server.

Cookie information is then stored locally in the browser, usually in a cookie text file. When the web server is subsequently accessed again, only those cookies that have the same domain as the web server are selected by the client browser. This cookie data is then transferred in the header of the web access, whereby they are sent back to the web server from which they once originated.

In general, cookies can be transferred with any transmitted file, including image files or any other file type. This also applies to embedded elements (e.g. advertising banners) from other servers, whereby a single website can lead to several cookies from different servers.

Cookie Switches[edit]

Users often visit several websites that are not always part of the same network, and they receive a cookie in each case. In such cases it can be difficult to assign the cookie to the right network.

If a user buys a product in an online shop and has previously visited another network, cookie points ensure that the assignment is correct and that only the cookie is viewed by the tracking system that led to this purchase. This prevents multiple remunerations and provides a fair and transparent way to distribute or allocate commissions within several affiliate networks.

Technical implementation of a cookie switch[edit]

In order to technically realize cookie points, tracking and existing cookies are extended with special parameters and directories that enable the identification of the triggering network. The query in the cookie switch itself, which occurs at the end of the customer-journey, shows exactly the cookie that triggered the purchase. Some providers offer special solutions that include both conventional tracking and corresponding cookie switches.

Administration of cookies[edit]

Cookies are managed exclusively by the client and stored or deleted as desired. Many browsers allow the user some setting options for the handling of cookies:

  • Do not accept cookies
  • Only accept cookies from the server of the accessed page (no cookies from third party servers)
  • Ask permission from any cookie user
  • Delete all cookies when closing your browser

In addition, mostly administrative actions such as viewing the cookie data or deleting individual cookies can be performed. The client can independently change, empty or delete the contents of cookies.

Applications of use[edit]

  • Cookies are usually used to store personal settings for visited websites (e.g. forums, social networks). This saves the user having to constantly register new when they visit the same webpage, and can pursue usual activities comfortably.
  • Nowadays, most online shops use cookies to collect goods selected by the user in a virtual shopping basket. This enables the customer to continue browsing the website and to take full advantage of the offer of the provider. The cookie stores a session ID of the user, which assigns them the respective shopping basket and the article identifiers contained therein.
  • Cookies are also suitable for caching user actions and entries when connection to the server is terminated. In this way, the lost information can be retrieved from the server when the connection is restored. The respective web application recognizes the sequence of the generated cookies and marks already processed cookies or deletes their contents. As a result, no data is lost and the application can be executed as before after termination.


  • Tracking

A source of danger is the misuse of the unique recognition of the client. Cookies can be used to create user profiles about a user's surfing behavior. An online shop can use this data for sending target group-oriented web mails. In addition, other servers can also use image files (advertising banners, tracking pixels) to set so-called third party cookies (English for cookies from third parties). These are also known as "tracking cookies" and lead to the fact that the visit of different websites can be assigned to one user. This can be used to draw conclusions about user-specific interests and websites can be modelled ("personalised") accordingly.

  • Public Internet access

In environments where several users have access to the same computer (e.g. in schools, Internet cafés), there is a risk that valid cookies may still be used or even abused by the subsequent user of the computer for the continuation of a session. This can be prevented by deleting all cookies before closing the browser or, if necessary, by setting a corresponding browser setting.

  • Cookie dropping

Cookie dropping refers to a fraud procedure that starts with cookie tricking and is not visible to the normal user. Normally, cookies are only stored in the browser of the Internet user when an active click on the respective advertising medium takes place. With cookie dropping, however, these clicks are generated artificially, i.e. without the user actively acting. If now the Internet user executes a transaction on the provider side in the further course of his Internet activity, the fraudulent owner of the agent homepage would be identified and receive a commission. Since cookie dropping also simulated clicks on malware or infected websites, this procedure can be regarded as Internet fraud.


Cookies offer both advantages and disadvantages for the respective client. A compromise in the handling of cookies could be achieved by configuring the browser in such a way that persistent cookies are not permitted or only against consultation. This makes it difficult to create user profiles and session cookies can also be automatically permitted, for example for web purchases. In addition, most browsers offer the option of selectively accepting cookies for certain domains and rejecting non-server cookies from third parties without being asked. These individual protective measures can be taken primarily via small additional programs (add-ons). This allows cookies to be generally deactivated and exceptionally permitted if a registration with an online service is to be made.

Reference to SEO[edit]

In the field of search engine optimization, success can be achieved by improving and perfecting the search engine friendliness of the website. One aspect of this is the guarantee that the search engine crawler can easily visit all links on the website and that important, information-rich pages can be indexed accordingly. However, pages that can only be viewed by accepting cookies from the crawler program represent an obstacle. Most crawlers are not able to accept cookies and it is therefore not possible to visit the page concerned or index the page.

Web Links[edit]