[i] Despite RODO, Cookies Are Essential For E-Commerce

[100%]

Cookies are at the center of attention along with the new EU General Data Protection Regulation. It complies with the EU "Cookie Directive" that has been in effect for several years.

Cookies are important for online businesses. They are also common. In this article, I will explain the basics of cookies for e-commerce businesses.

What is a cookie?

Cookies are small files sent by a web server to a browser. Unlike other files (HTML, CSS, images), browsers send cookies back to the server with each subsequent request.

For example, after loading this article, the Pratik E-commerce server sent cookies to your browser. Now, if you click a link in the menu, your browser will send these cookies back to the server; At this point, the server can send the same or different cookies back to your browser.

Cookies are important for online businesses. They are also common.

Due to this recurring process, cookies act as a shared file that both the server and the browser can use. In practice, however, usually only the web server can edit cookies. The browser simply stores and returns them.

Purpose of cookies

Explaining the purpose of cookies can quickly become complicated. So, I'll simplify it.

Web servers can track visits but cannot distinguish one person visiting a site 100 times from 100 people visiting the site once. This makes it almost impossible to track the activities of visitors, such as whether a user has added an item to the cart or viewed a product.

Cookies can support the memory of web servers. If a cookie captures data about a visitor's cart content, and the browser sends this cookie back to the server, the server can remember, for example, the transaction fulfillment page's content.

Cookie Security

With this simple description of shopping cart cookies come many problems. First, because a cookie is a shared file, the webmaster must be cautious about the data it contains.

If a cookie stores any confidential information, such as product prices, cart identifiers, or even user account information, there is a risk that someone could edit the content. Without control, someone could lower the product's price or intrude into the backend of your store, posing as an administrator.

Such attacks pose a security threat to websites. That's why many stores encrypt their cookies to make it difficult to use and prevent editing.

For example, instead of readable text indicating that a visitor has number 679 and two T-shirts in the cart, an encrypted cookie may contain something like bGtJUjhCOEpQVmNHWU5hbHlsZlNiNnNFcmpne, followed by many other randomly generated characters.

Some stores do not store any data in cookies except for a "session identifier," which is a unique value for the current visitor. Better systems will encrypt identifiers.

Multiple Cookies

I have heard from vendors preparing for GDPR. They are often shocked to see how many cookies their store uses. In one small store I checked, 34 cookies were used. And they didn't have external analytical services, trackers, or similar services!

Cookies are small. They can only hold about 4096 bytes of data. A single unformatted character is roughly one byte. Assuming each word has eight characters, 4096 bytes is equivalent to about 500 words. Therefore, the store must carefully manage the data it stores in cookies. One way to minimize their size (and quantity) is to leave only one identifier in the cookie, then store additional data on the server.

Another option is to use multiple cookies, each serving a different role. This can generate dozens of cookies for a single domain. For example, one cookie may track a guest's cart. Another can detect whether the visitor is logged in or not. Another may track recently viewed pages.

These two techniques (storing data on servers and using multiple cookies) can overcome the size limitation.

Cookies come from one domain. A vendor may have cookies, for example, from an online store at

This is the hidden content, please

• Sign In
• or
• Sign Up

and an email newsletter at newsletter.example.com. This opens up the possibility of using even more cookies.

Proper code can combine cookies from multiple domains. This way, a business owner can track visitors from the newsletter. Google Analytics and other network tracking systems or advertising systems can track visitors this way. Visitor browsers store cookies from external platforms.

Cookies are essential

Cookies are a fundamental element of internet technology. There are modern alternatives to cookies, such as JSON web tokens, but they are not as common or supported because cookies do their job so well. Without cookies or another form of session identification, e-commerce as we know it would not exist.