A magic cookie, more commonly known just as a cookie, is a piece of information sent from a server to a client. It is different from other forms of data that are sent, because the contents of the magic cookie are unreadable by the client. The purpose of a magic cookie is to provide a mechanism by which a server can track, authenticate or otherwise record information about a client on the client’s system without compromising its own security.
Originally, a magic cookie was used to verify the identity of users who were logging into specific computer systems. Eventually, magic cookies developed into a method for web servers to save information about visitors to a site. Hypertext Transfer Protocol (HTTP) cookies are widely used by many types of websites.
The use of a magic cookie makes many functions possible. Information about a browsing session on a website, such as items added to a shopping basket or links that were marked as favorites, can all be stored in a magic cookie. Additionally, because the cookie is unreadable to the client system, the server can keep any proprietary information or methods secure.
A magic cookie remains secure because the information it contains is encrypted in one way or another. Anyone is able to open the file in which a cookie is stored, but the information will appear as long strings of seemingly random characters. The information is either encrypted or otherwise obfuscated, so it is meaningless without a special magic number that only the server knows and never transmits.
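The following Node.js example is added here for illustration and is not part of the original article. It shows one way a server can produce a cookie value that looks like random characters to the client and is readable only with a key the server keeps. The cipher choice (AES-256-GCM), the names `sealCookie`, `openCookie`, `tamper` and `SERVER_KEY`, and the sample session state are all assumptions made for the example.

```javascript
// Added example: an opaque cookie value sealed with AES-256-GCM.
const nodeCrypto = require('crypto');

// Assumption: a real server loads this key from a secret store and never
// sends it to the client; it is generated here only so the example runs.
const SERVER_KEY = nodeCrypto.randomBytes(32);

// Encrypt and authenticate the session state; returns the cookie value.
function sealCookie(state, key) {
  const iv = nodeCrypto.randomBytes(12);            // fresh nonce per cookie
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(state), 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();                  // 16-byte integrity tag
  return Buffer.concat([iv, tag, body]).toString('base64url');
}

// Returns the state, or null if the value was altered or sealed with another key.
function openCookie(value, key) {
  const raw = Buffer.from(String(value), 'base64url');
  if (raw.length < 12 + 16) return null;            // too short to be ours
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const body = raw.subarray(28);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;                                    // tag mismatch: reject
  }
}

// Flip one bit of a cookie value, as someone editing the stored file might.
function tamper(value) {
  const raw = Buffer.from(value, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}

// Constructed sample state for the demonstration.
const sample = { user: 'alice', basket: ['sku-1001', 'sku-2002'] };
const cookie = sealCookie(sample, SERVER_KEY);
console.log('Set-Cookie: session=' + cookie + '; HttpOnly; Secure');
console.log('server reads:', openCookie(cookie, SERVER_KEY));
console.log('tampered    :', openCookie(tamper(cookie), SERVER_KEY));
```

Because the value is authenticated as well as encrypted, a cookie that was edited on the client is rejected instead of being decrypted into altered state.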
There are two classifications of magic cookies. A first-party cookie is one that comes directly from the website being visited. These are the cookies that are often used to track a session or to record a username and password. The other type is called a third-party cookie.
A third-party cookie comes from a website outside the one being visited. There are many legitimate uses for third-party cookies, but they can also be used to track the web-viewing habits of a user without the user's knowledge. The controversy over privacy when dealing with third-party cookies has led to the addition of an option in most web browsers to block them from being accepted.
A cookie is just a piece of information sitting on the hard drive of a computer or other device. It is incapable of being executed or otherwise causing malicious harm directly to a computer. Except in extremely rare cases of malicious hacking, only the server that issued the cookie is capable of opening and reading the information it contains.