Persistent Cookie
Stored Locally
Risk: Medium

What are Persistent Cookies?

A persistent cookie, also known as a stored cookie, is a file that is stored on a user’s hard drive. The cookie would remain on the hard drive until it reaches its expiration date. At this point the browser would purge the cookie from the hard drive. On every subsequent visit to the website the browser will send the cookie back to the web site. Because a cookie's value can uniquely identify a client, the cookie can indicate how the user initially came to this website. For this reason, they are also sometimes referred to as tracking cookies.

The benefit of a persistent cookie is that they can result in faster and more convenient access as they can store login details that remove the need to login on each visit to the web site. In addition to authentication, other website features are possible through the use of these, such as;menu preferences, preferred theme, language selection or even internal site bookmarks. On your first visit, the website is presented in default mode. During this time, you select your preferences and they are remembered. Like a session cookie but they persist from session to session, added is the expiration date which is issued by the web server into the txt file. They can control your font size page width for screen size etc. which means the user doesn’t have to worry about adjusting their screen preferences for a year unless they delete the cookies. In some cases, persistent cookies are set for a very long time. These can also help a webmaster find out who is a new viewer and who is a returning viewer.

Differences between Regular &Persistent Cookies.

NEEDS WORK ? Regular Cookiesare Persistent CookiesStored in BrowserStored in client hard driveEasily blocked and deleted from browserNeeds to be deleted manually or set.Size=4kbSize=up to 100kbWork with only one browserWork across all browsers on the same machine

How do they work exactly?

A persistent Cookie works by using several computer languages which then stores a txt file on your hard drive in your machine and has written into the coding a set expiry date normally 1-2 years.

Example of who uses them?

Google analytics.

Name: _utma Typical content: randomly generated numberExpires: 2 years
Name: _utmbTypical content: randomly generated numberExpires: 30 minutes
Name: _utmcTypical content: randomly generated numberExpires: when user exits browser
Name: _utmzTypical content: randomly generated number and information about how the page was reached (e.g. directly or via a link, organic search or paid search)Expires: 6 months
Name: __utmmobileTypical content: randomly generated numberExpires: 2 yearsFor further details on the cookies see Google Analytics.

Purposes of using them.

The benefit of a persistent cookie is that they can result in faster and more convenient access as they can store login details that remove the need to login on each visit to the web site. In addition to authentication, other website features are possible through the use of these. Features such as: menu preferences, preferred theme, language selection or even internal site bookmarks. On your first visit, the website is presented in default mode. During this time, you select your preferences and they are remembered through the use of the persistent cookie on your machine.

Privacy Risk

1.Cookies are vulnerable and susceptible in common browser cookie-theft and cross site script attacks, cookies are not as safe as people realise.
2.Persistent cookies alone are adequate authentication to access a website. They are the same as both a valid username and password in one.
3.As nearly all 98.4% of people reuse their passwords from site to site this makes it easy for any login cookie from which you can recover the user's password much more potential harm.
4.Very many people have persistent cookies on multiple web browsers e.g. on different machines (work or home laptop or mobile) simultaneously making it more exposed to a potential threat.

Did you know

The name "Cookie" relates to an unopened Fortune Cookie, because of the hidden information contained inside.

The Cookie List

Session

Sometimes known as a transient cookie, stored in temporary memory and remains available for the duration of your active “session” within the browser.

session cookie...

Persistent

Also known as a stored cookie, it stores a file on your hard drive. The cookie would remain on the hard drive until it reaches its expiration date.

persistent cookie...

Secure & HttpOnly

A secure cookie is just like a regular cookie, except it contains a special ‘HttpOnly’ flag that instructs the browser to restrict access to cookie data.

secure httponly cookie...

Third-Party

Visit a web site, but have a cookie created by a completely different domain. This allows the third-party domain to track you i.e. Tracking Cookies

Third-Party Cookie...

Super

Dangerous: Uses various techniques to resists deletion even when you clear your entire history they can remain hidden and reappear like a virus!

Super Cookie...

Zombie

Dangerous: This is a cookie that can come back to life, hence the name Zombie. After it has been deleted it recreates itself.

Zombie Cookie...

Ever

This is an example of a VERY persistent cookie. A cross between Super and Zombie types of cookie.

Ever Cookie...

- What Are Cookies
- Types of Cookie
  - Session Cookie
  - Persistent Cookie
  - Secure &HttpOnly
  - Third-Party Cookie
  - Super Cookie
  - Zombie Cookie
  - Ever Cookie
- Enable/Disable
  - Firefox
  - Internet Explorer
  - Chrome
  - Safari
  - Opera
- Delete Cookies
  - Firefox
  - Internet Explorer
  - Chrome
  - Safari
  - Opera
- Cookie Recipes
  - JavaScript
  - PHP
  - Perl
  - Java
  - CGI
  - Flash
  - Silverlight
  - HTML5
  - Cfscript
  - EverCookie
- Cookie Controller