Cookies may be kept only in memory -- session -- or stored on disk -- persistent. In addition to storing information, cookies also have an expiration time and date that are set by the web site. Cookies can be non-secure -- read and written via HTTP -- or secure -- read and written only via SSL. The security referred to is whether the data is transmitted in plain text, not whether the data is stored in some special way on the server or in the client.
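The distinctions above can be read straight off a site's Set-Cookie headers. The following is an added example, not part of the original page: the function name, the sample header values and the fixed clock are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie header values (not taken from any real site).
SAMPLE_HEADERS = [
    "sid=8f2c1e; Path=/; Secure",
    "remember_me=user42; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
    "cart=3; Max-Age=3600; Secure",
]
SAMPLE_NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample


def classify_set_cookie(header_value, now):
    """Return storage (session/persistent), expiry and transport for one cookie."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    expires = None
    try:
        if re.fullmatch(r"-?\d+", attrs.get("max-age", "")):
            # Max-Age wins over Expires when both are present (RFC 6265).
            expires = now + timedelta(seconds=int(attrs["max-age"]))
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError, OverflowError):
        expires = None  # unusable expiry: treated as a session cookie
    # No expiry means memory only; a future expiry means the cookie goes to disk.
    storage = "session" if expires is None else ("persistent" if expires > now else "expired")
    transport = "secure" if "secure" in attrs else "non-secure"
    risks = []
    if transport == "non-secure":
        risks.append("sent in plain text over HTTP")
    if storage == "persistent":
        risks.append("kept on disk until " + expires.isoformat())
    return {"name": name, "storage": storage, "expires": expires,
            "transport": transport, "risks": risks}


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_set_cookie(header, SAMPLE_NOW))
```
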
Computers that are used by multiple users, stolen laptops, etc. may contain cookies that will allow intentional or inadvertent access to financial data, credit card information, user accounts, etc. Cookies are sometimes largely in plain text. Skimming through them offline looking for information is trivial for anyone with minimal computer skills. There are programs to help in cookie perusal, but they really aren't needed. Some sites encrypt sensitive data they store in cookies. Some don't. Some encryption is very effective. Some isn't. Cookies are subject to various attacks by malicious programs or sites including theft -- stealing the contents -- and poisoning -- altering the contents.
Amazon has a patent (US6714926) on using browser cookies to store structured information -- whatever that means.
Copyright 1994-2002 by Donald Kenney.