logoCocoa

Options ?

Cookies

What is a cookie?

A cookie is a small text file stored on your computer by your web browser in response to a request to do so from a website. Cookies are often used to “remember” things that you, the user, have done on the website in question, usually to streamline your use of the site. For example, nearly all sites that require you to log on use a cookie to help the website remember that you have logged on.

There are several different types of cookie, including session cookies and persistent cookies. A session cookie only lasts on your computer while you are using the website that asked for it to be created. Once you stop using the website, the cookie is discarded. A persistent cookie lasts longer, and can remain on your computer after you have finished using the site that asked for it.

The content of a cookie is sent by your browser to a website when the website requests it. Usually, only the website that created the cookie is allowed to ask for the content of the cookie.

For more detailed information on cookies in general, see this wikipedia article.

Security concerns

Cookies are not able to contain viruses and cannot install malware on your computer. Having said that, there are some security concerns with the use of cookies, mostly through the use of persistent cookies. When used a certain way, persistent cookies can be used to track your browsing behaviour.

When they are created, cookies are associated with a particular website, and only that site is allowed to request the information stored in the cookie. The site associated with a cookie, however, is not always the site that created it. When a cookie is created by one site but associated with another, it is known as a third party cookie, and third party cookies are the biggest culprits in tracking your online behaviour and potentially leaking personal information.

Most browsers have security settings dealing with cookies. Many prevent third party cookies from being created, or at least warn you when one is about to be created. Cookies can also be completely turned off for added security from sites snooping on your online behaviour.

The EU, and in the UK the ICO, responded to the increasing use of cookies to track online behaviour and target advertising at internet users by requiring websites to obtain informed consent from users before they start using cookies. That's why the Cocoa logon page contains a message about its use of cookies, and why this help page is here.

Cocoa's use of cookies

Cocoa uses two cookies. One is necessary for it to work properly, the other helps with accessibility. The cookie that Cocoa must use is a type of session cookie known as an authentication cookie. This cookie stores a short, random sequence of letters and numbers whose primary purpose is to idenitify to Cocoa that you have logged on. The cookie never stores any other information. If Cocoa did not use this cookie, it would not be able to tell whether you have logged on or not, and would therefore always show you the logon screen.

The sequence of letters and numbers is known as a session ID, and it is temporarily associated inside Cocoa with your user account. It is in no way derived from your name, date of birth, username, password or any other personal information about you: it is generated completely randomly when you first access Cocoa. It cannot, therefore, be in any way decoded to reveal anything personal about you.

Whenever you use Cocoa, it first asks to see the session id from the cookie. If you have only just started using Cocoa, the cookie will not be set, and so Cocoa will create a new session ID and ask your browser to create a cookie to store it in. Otherwise, Cocoa compares the session ID sent by your browser with the information stored in Cocoa to check whether you have logged in. If you have, you will be shown your account details; if not, you will be shown the logon screen.

The association within cocoa between the session ID and your user account is temporary: it only lasts while you are logged on and using Cocoa. When you log off or stop using Cocoa, the association is removed, and next time you log on a new, different session ID is generated.

The cookie Cocoa uses for this purpose is named CocoaAppSession and you can verify its existence and its content any time using your browser's feature for viewing cookies. You can delete the cookie at any time; all that will happen as a result is that you will be logged out of Cocoa automatically. See the section How to view cookies below for more information.

Cocoa cannot function without using this cookie, and its use of this cookie is strictly limited to that which is essential for it to work. It does not store any persistent cookies or any personal information in its cookie. If you do not wish for Cocoa to use even the one cookie it requires, you must not log on.

The cookie that Cocoa uses to help with accessibility is a persistent cookie named CocoaActiveStylesheet. It is set as soon as you visit and it expires after 1 year. Its only purpose is to let Cocoa know what accessibility options you have selected. Without it, Cocoa does not know about your chosen accessibility options. It stores a single piece of information that tells Cocoa whether or not you are currently using the high-contrast mode. If you are using high-contrast mode, this cookie will be set to “highcontrast”; if you are using Cocoa’s default mode, this cookie will be set to “default”. The cookie does not store any other information.

Like the other Cookie that Cocoa uses, you can also delete this one at any time, or block your browser from setting it altogether if you prefer. All that will happen if you do this is that Cocoa will always use the default mode and you will not be able to select high-contrast mode. In all other respects, Cocoa will continue to function normally.

How to view cookies

See below for instructions for most popular browsers detailing how to view the cookies currently stored by your browser. In many cases, the place where you view cookies also offers you the opportunity to delete them should you wish to do so.

In Google Chrome, click the wrench menu, choose Tools and then Developer Tools. In the window that pops up, click on Resources, then expand the Cookies section on the left side. The CocoaAppSession cookie should now be visible if you are logged on.

In Mozilla Firefox, open the Tools menu and choose Page Info. In the window that pops up, click on the Security section, then the View Cookies button. The CocoaAppSession cookie should now be visible if you are logged on.

In Internet Explorer open the Tools menu in the menu bar or in the upper-right corner of the window, and select Internet Options. In the Browsing History section, click Settings, then View Objects or View Files. The CocoaAppSession cookie should now be visible if you are logged on.

Cocoa v2.3.8 ©2017 NomadIT