University of Silesia in Katowice

December often puts us in a Christmas mood. We have Saint Nicholas’ Day, Saint Barbara’s Day, and finally preparations for Christmas. But not everyone knows that on 4 December in America, the celebration of Cookie Day was initiated. Who doesn’t like to treat themselves to their favorite type of cookies from time to time – whether soft or crunchy, salty or sweet, there are so many types that everyone will find something for themselves. Nevertheless, even if we are on a diet, there is a certain type of cookies that we can use in large quantities with impunity – those encountered when browsing the Internet.

Consent to cookies!
Who among us has not at least once come across a message informing that this website uses cookies? Even opening the website of the University of Silesia for the first time (https://us.edu.pl/en/), we are greeted by a message saying: “By using this website, you consent to the use of cookies in accordance with the current browser settings”. Of course, the multitude of these messages results primarily from the introduced amendment to the Telecommunications Law (Act of 16 July 2004), and more specifically Articles 173 and 174, in simplified terms, regulating the storage and access to information located in end devices of the users. Although the aforementioned act does not directly mention the concept of cookies, it is here that it is used. Currently, in order to be able to legally use cookies, the user must be clearly and directly informed about them, as well as consent to their use. However, putting aside the legal issues for the moment, have you ever wondered, Dear Reader, what exactly are these cookies?

Cookies – a story not from a pastry shop
Contrary to appearances, the answer to the question posed at the end of the previous paragraph is not so obvious. By typing “What are cookies?” into the search engine, we can find out that these are small text files saved by the website, IT data stored on the user’s end device after visiting a given website on the Internet, or small pieces of information sent by the website. So there seems to be some inconsistency here.

What can it result from? For example, from the form of storing the mentioned cookies – it does not have to be a collection of text files. You can then imagine a browser that stores all cookies in a dedicated database. However, we usually do not need to worry about the actual implementation by the web browser of how cookies are stored and accessed. Much more important seems to be the answer to the question “Why was this whole mechanism invented?”.

We owe both the term “cookies” and the way they are used on the Internet mainly to the programmer Lou Montulli, who then (in 1994) worked at Netscape Communications Corporation. Slightly older readers may even recognise the Mosaic Netscape browser released in the 90s (which later changed its name to Netscape Navigator/Communicator). Incidentally, it was the work done by Netscape that became the foundation for the creation of the Mozilla Firefox browser, which is still popular today. Let’s consider, then, why were cookies used (and are still used today)?

When browsing websites, we most often use the HTTP protocol (or rather its safer version, HTTPS, which includes encryption). This protocol takes into account a set of unified rules on how communication between the client (web browser) and the server that provides websites should look like. Websites usually have a number of references (commonly referred to as links) to other parts of a given website, or even other interesting resources on the Internet (hence the first letters in the name of the HTTP protocol refer to its so-called hypertext nature). Perhaps you used Wikipedia or another online encyclopedia, and thanks to the numerous links contained in the body of a given article, you could easily go to related additional information. However, HTTP (version 1.X) is said to be a stateless protocol. This means that when going from one website to another (or simply clicking on another link), the protocol itself does not provide us with, for example, tracking or control over the user’s session and their actions on various sections of the website.

You go to any shop and you find… cookies!
And it is this possibility of tracking a given user’s session that is the basis for the operation of e.g. any online store. It is this element that allows us (after logging in to the online store) to smoothly navigate through your account or store’s offer, add products to the virtual basket or schedule payment – all within one shopping process (session). And where are the cookies in all this? It is within cookies that information about a given user session is often stored – these can be, for example, products added to a shopping cart (in an online store), which we have not bought yet at a given moment, but after a second visit to our account, the same products may still be waiting for us in the basket.

Similarly, thanks to cookies, we can have our login details remembered – after all, many websites offer the “remember password” option in the login form, thanks to which we do not have to enter it again after visiting a given website. Of course, there are many more uses of cookies – adjusting the content of the website to the user’s preferences, helping in collecting visit statistics or better profiling in terms of displayed advertisements. It can therefore be said that the web browser constantly saves some cookies or sends their content to a specific website so that our interaction with websites is free of unnecessary complications.

More about cookies?
I encourage more inquisitive Readers to get to know the RFC6265 specification, which defines the so-called HTTP State Management Mechanism, including Cookie and Set-Cookie headers, thanks to which all this (often invisible to us at first glance) communication between the browser and the web server takes place.