The Pros and Cons of using cookies
What is a cookie?
No, we aren't talking about chocolate chip cookies. A cookie is a small text file stored on your computer. Websites primarily use cookies to keep track of visitors' information, such as their username. If a web application uses cookies, the server sends the cookie and your browser (Chrome, Firefox, Safari) stores it. The browser then returns the cookie to the server the next time the page is requested. The most common uses of cookies are storing user information, user preferences, and "remember password" options.
What are the implications of allowing visitors to store passwords in cookies?
When I ask myself this question, the first thing that comes to my mind as a negative result would be a parent making an online purchase, saving their password in the cookie, and their 5-year-old son gets on while they aren't looking and makes more purchases. Although this can still happen, when I purchase on Amazon.com I don't have to fill in any user info, not even my cc. While I find this to be incredibly convenient, I can see how it could become a problem.
After some research this is what I have learned:
One major security problem with cookies is that they can easily be read by anyone using the specific computer they are on. They are just a simple text file, so you should not under any circumstances store your passwords in cookies. You can see how this could have very bad results if you, say, used a computer at work and stored your password in a cookie, or stored it on your laptop and the laptop was stolen or even sent off to be repaired.
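As an added example (not code from the original page), here is the password-in-cookie pattern warned against above beside one hardened alternative in Python: the cookie holds only a random token and the server keeps its hash. The cookie names, the `TOKENS` table and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for a server-side database: sha256(token) -> username.
TOKENS = {}

def weak_remember_me(username, password):
    """Pattern warned against above: the password itself is written to the cookie file."""
    c = SimpleCookie()
    c["login"] = f"{username}:{password}"
    return c["login"].OutputString()

def issue_remember_me(username):
    """Hardened: the cookie holds a random token that is useless without the server."""
    token = secrets.token_urlsafe(32)
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = username
    c = SimpleCookie()
    c["remember"] = token
    c["remember"]["max-age"] = 14 * 24 * 3600  # expires after two weeks
    c["remember"]["httponly"] = True            # hidden from page scripts
    c["remember"]["secure"] = True              # sent over HTTPS only
    c["remember"]["samesite"] = "Lax"
    return c["remember"].OutputString()

def user_for(cookie_header):
    """Resolve the Cookie header the browser returns; None if unknown or revoked."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "remember" not in c:
        return None
    digest = hashlib.sha256(c["remember"].value.encode()).hexdigest()
    return TOKENS.get(digest)

def revoke(username):
    """Stolen laptop or shared PC: drop the user's tokens, password stays untouched."""
    for digest in [d for d, u in TOKENS.items() if u == username]:
        del TOKENS[digest]

if __name__ == "__main__":
    print("Set-Cookie:", weak_remember_me("alice", "hunter2"))  # constructed credentials
    header = issue_remember_me("alice")
    print("Set-Cookie:", header)
    sent_back = header.split(";")[0]          # what the browser returns as Cookie:
    print(user_for(sent_back))
    revoke("alice")
    print(user_for(sent_back))
```

The token still sits in the cookie file and works as a login until it expires or is revoked, but it never exposes the password itself.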
Cookies can also reveal links if someone happens to look at them on your computer. For example, if your wife is on the computer and happens to browse the cookies, she may not like the fact that you have been viewing sex sites or how to leave your spouse penniless (or whatever you're up to that you don't want someone else to know). Most websites that store cookies will have the site name or link visible in the cookie on your computer, making it easy to see where the cookie came from.
Contrary to popular belief:
Cookies cannot be used to get or view data on your hard drive. A server can only read back the data it wrote to the cookie file. A site can only access a cookie that has been set from its own domain. It cannot access cookies set by other sites on your computer.