Exploring the Digital Bites of the Internet with Crunching Cookies

By Shiva Gangula
20 mins Read

Have you ever found yourself pondering certain questions while navigating the vast expanse of the internet?

  1. "Why do websites frequently prompt me to allow cookies at the bottom of their pages?"
  2. "How does Amazon seem to know what I'm interested in buying? How, where, and when does it access and utilize my data?"
  3. "Even when I'm not in shopping mode and just browsing something, why does it insist on displaying products that align with my recent searches?"
  4. ”How do they discern my preferred languages and locations, and suggest content accordingly?”
  5. “Additionally, as I embarked on my programming journey, I couldn't help but wonder how, once I log in to certain websites, I'm recognized and can access them seamlessly."

Do you truly wish to uncover these answers? Let's dive into 'Exploring the Digital Bites of the Internet with Crunching Cookies' and discover what lies behind the scenes of cookies with me, and how cookies alone can provide the answers to these interesting questions.

“Cookies," the term used to describe these small data entities, made their debut in the computing world around 1979 when they were first mentioned in the documentation for the fseek routine within the C standard library. During this era, they were initially referred to as "magic cookies." However, their transformative evolution occurred in the early 1990s, when two pioneering computer scientists, Lou Montulli and John Giannandrea, were actively involved at Netscape Communications Corporation.

Lou Montulli is particularly recognized for his pivotal role in crafting the first web browser cookie. He conceived this innovative solution to address a pressing challenge: how to effectively retain stateful information within websites. This dilemma stemmed from the inherent statelessness of the HTTP protocol, which lacked built-in mechanisms for preserving data across multiple user requests.

Let's delve into the basic functionality of cookies, particularly in the context of authentication. For instance, suppose I am an employee of BeyondScale, and I log in to the BeyondScale portal using my credentials. Here's what happens behind the scenes

  • 1
    Authentication Request
    My login request is sent to the server.
  • 2
    Validation in the Database
    The server first validates my details in the database.
  • 3
    Cookie Creation
    If my details are valid, the server creates a cookie that contains my identity.
  • 4
    Cookie Delivery
    After preparing the cookie on the server, it is silently sent along with the portal. It settles in the local storage of my device.

    Now, let's fast forward to a scenario where I'm interested in checking my leave quota. At this point, I send a request to the server for my leave, along with the cookie I received when I initially logged in. Here's where the magic of cookies comes into play
  • 5
    Automatic Attachment:
    My web browser takes care of attaching the cookie to the request based on the cookie's attributes.
  • 6
    Validation from Cookie:
    The server validates my identity from the cookie because it issued that particular cookie during my login session.
  • 7
    Seamless Access
    As a result, I effortlessly obtain my leave quota without any further intervention. It's worth noting that if I didn't send the cookie or sent an expired one, I wouldn't be able to access my leave quota.
This is the story of cookies in authentication. I trust you've gained some valuable cookie knowledge. Now, let's dive into the practices, advantages, concerns, and insights surrounding on most important cookies

Same-site cookies

Issuing same-site cookies is a common practice and procedure for those who use their own cookies. Also this type of cookie is called first party cookies. This means that if beyondscale.tech issues a cookie containing certain information, when you make a request to the server to access a protected resource, it's only possible for beyondscale.tech to interact with that cookie; other domains cannot access it.This procedure is especially useful when dealing with confidential information such user preferences and identities , as it helps prevent cross-site attacks.We can achieve this by specifying the domain origin in the cookie

Cross-site Cookies

Cross-site cookies also called third-party cookies which represent one of the game-changers on the internet. This practice has enabled marketing companies to generate billions in revenue by tracking user activity. A cross-site cookie is essentially our issued cookie that can be used by other domains based on its cookie attributes

For instance, consider an e-commerce website called byzon.com and another website, facescale.com, which is a social media platform. byzon.com has a marketing agreement with facescale for tracking and exchanging data, encouraging users to make purchases on byszon.com. Here, you can see how cookies can start to disrupt your online experience, even when you're not actively interested in buying a product.

  • 1
    Browsing on Byzon

    You visit Byzon website and start searching for a particular product, let's say a digital camera.

    Byzon uses first-party cookies to store your session information, such as the products you've viewed, added to your cart, or your login status. These cookies are associated with the byzon.com domain.

  • 2
    Byzon Cross-Site Tracking

    Byzon might also use third-party cookies to track your browsing behavior on their site, as well as collect data about the products you've shown interest in.

    These third-party cookies can be used to build a profile of your preferences and shopping history on Byzon.

  • 3
    Seeing an Ad on Facescale

    Later, you log in to Facescale, which is a different website with a different domain (facescale.com).

    Facescale includes advertising content from various sources, including Byzon, as part of its ad network.

    When you log in to Facescale, it loads content, including ads, from various domains.

  • 4
    Cross-Site Cookie Interaction

    Facescale and Byzon, through their advertising agreement, may share information about your recent activity, including your interest in digital cameras.

    If Byzon advertisement has placed an ad on Facescale, they may use cross-site tracking cookies to recognize that you recently viewed digital cameras on Byzon site.

  • 5
    Displaying Relevant Ads

    As a result of this cross-site tracking, you might see advertisements for digital cameras or related products on your facescale feed.

    These ads are personalized based on your past browsing behavior on Byzon, thanks to the information stored in your cookies.

In this scenario, cross-site cookies enable advertisers to target you with relevant ads on Facescale based on your previous interactions on Byzon. While this personalization can be convenient for users, it also raises privacy and data-sharing concerns, which have led to increased awareness and regulatory measures to protect user data and privacy online. It's important to note that web browsers and privacy regulations are evolving, which may impact the effectiveness and use of cross-site tracking cookies in the future.

With the increasing use of the internet, a multitude of regulations and compliance measures are coming into the picture. For instance, the General Data Protection Regulation (GDPR) in Europe requires websites to maintain transparency regarding their data collection practices. When users visit a website for the first time, they should be informed about the types of cookies being used, their purposes, and the duration for which data will be retained. By requesting users' acceptance of cookies, websites are seeking informed consent for data processing

That's why you often encounter a hell of requests at the bottom of websites.

Zombie cookies

A "zombie cookie," also known as an "evercookie," is a persistent web tracking cookie notorious for its ability to regenerate even after a user attempts to delete it. This extraordinary persistence makes it exceptionally challenging to remove, earning it the moniker "zombie." When one instance is deleted, the cookie can resurrect itself from another source. These types of cookies are primarily employed for analytics purposes. However, their use is highly controversial due to the significant challenges they pose to user privacy.

As technology has evolved, the effectiveness of zombie cookies has waned. Many web browsers now incorporate measures to block or restrict various storage mechanisms and tracking techniques, including those utilized by zombie cookies

In addition to the cookies mentioned above, there are various other practices and types of cookies. These include super cookies, which operate based on domain extensions; session cookies, which automatically delete when a user exits the browser session; and HTTPOnly cookies, which are fully controlled by the server, among others.


Cookies, small but powerful, drive online personalization and raise privacy concerns. As technology evolves, understanding their role is crucial for navigating the digital landscape wisely. These unassuming data bits quietly shape our online experiences.