Web cookies make Web tracking easier - but they can also leave a bad taste in visitors' mouths if they aren't utilized in accordance with your privacy policy. Just like chocolate chip cookies have weight-gain implications, Web cookies have serious security implications.

Cookies... They're Not Just for Snacking

Chocolate chip, peanut butter, macadamia - I love them all. I'm not too picky when it comes to cookie flavors, as long as they're sweet and plentiful! But those aren't the cookies I'm going to talk about today - instead, I'll cover cookies of an electronic flavor: web cookies.

Web cookies make web tracking easier - but they can also leave a bad taste in visitors' mouths if they aren't utilized in accordance with your privacy policy. Just like chocolate chip cookies have weight-gain implications, web cookies have serious security implications. We'll discuss those momentarily, but first let's cover a few basics.

What is a Cookie?

First, let's start with a quick look at what a cookie is. A cookie is simply a piece of information that a web site sends to a visitor's browser. Typically, cookies are used in one of two ways:

• Store information for future use: Cookies can store visitor information like name, address, online buying patterns, login details, etc. This information can then be used by the Web site to provide dynamic interaction as the visitor surfs through the site.
• Maintain visitor sessions: By using cookies, one can determine how long a visitor stays on a Web site, and if the visitor is a new or returning visitor.

Types of Cookies

First-party cookies: A first-party cookie is a cookie that is issued by the web site that you are visiting. For example, if you visit ClickTracks' famous 'Bob's Fruit Site' (www.bobsfruitsite.com), Bob's site will directly place a cookie on your computer. This cookie can only be read by Bob's site-the information that cookie contains cannot be accessed or read by any web site other than Bob's.

Third-party cookies: A third-party cookie is issued by a site other than the one you are currently surfing. To continue with our example from above: Imagine if Bob's site had an alliance with XYZ Ad Network, posting banner ads at the top of the home page. In this case, XYZ Network could issue you a cookie - a third-party cookie. XYZ Ad Network's third-party cookies follow a standard format that makes them readable by any Web site, regardless of what Web site issued the cookie.

Cookies and ClickTracks

Lyris' ClickTracks supports the use of both first- and third-party cookies, whether you use a hosted or log file based system. There are reasons for using each type of cookie, the most significant of which coming into play when dealing with multiple domains.

When you are analyzing a web site that's hosted on a single domain (as most sites are) then issuing a first-party cookie to track a session is the right thing to do. Visitor info and session info can both be gleaned from this first-party cookie.

What if your site is hosted across multiple domains? The practice is not uncommon, especially among larger e-commerce web sites. When dealing with more than one domain, tracking your visitors becomes more complex. Why? Because, a cookie can't follow a visitor and be read from one domain to another due to the security risks involved. If Domain A issues a first-party cookie, then Domain B can't (and shouldn't be allowed to) read it.

For example:

Domain A: www.bobsfruitsite.com = main web site domain

Domain B: www.bobsfruitsiteshop.com = domain for the shopping cart system

While both domains are part of the same site unit, they're still separate domains. That means that a first-party cookie issued by Bob's fruit site won't be readable by bobfruitsiteshop.com.

In this case, a third-party cookie would be issued. As explained earlier, third-party cookies are allowed to be read by web pages that live outside of issuing domain. Normally, this would be a security risk since any web page can read this cookie, but generally, sensitive information is not stored in third-party cookies, and are strictly used for things like web site analytics tracking.

The Future of Cookies

Are web visitors saying 'no thanks' to cookies? No, and yes. First-party cookies are still widely accepted by users because the user has a relationship with a particular site and benefits from the cookie-like a cookie that saves them from having to re-input their user name every time they visit. Third-party cookies, however, are likely to be blocked because users don't trust other miscellaneous sites.

The percentage of users who block cookies depends largely on what kind of business they're in. In general, the amount of users blocking cookies is relatively low, but in government agencies or larger corporations that have stricter security guidelines, the percentage is most likely higher. The trend we see is one where the majority of web site providers inevitably move to first-party cookies.