Are HTTP Cookies really dangerous?
HTTP cookies are used by web servers to track clients and retrieve data about users as they navigate a site. Cookies were originally introduced to implement the shopping cart: a way to remember the items a visitor wants to purchase as they move through a shopping site.
Beyond the e-commerce shopping cart, cookies are used to store details such as a user's name or phone number entered into a form, so that the site can offer the stored details the next time the user returns to the page.
There were rumors among internet users that, through cookies, webmasters could collect security information and damage the hard drive. This is not true. Cookies are small pieces of text, stored by the user's web browser, that contain the user's settings, shopping cart contents or other data used by the site. The collected data is used to identify visitors and to recall information you entered into sites.
Cookies are sent between server and client as part of normal operation. An unauthorized party can steal cookies by packet sniffing, particularly on unencrypted public Wi-Fi networks. You can protect the connection by employing transport layer security (TLS) to encrypt it.
Attackers use cross-site scripting (XSS) to make other users' browsers send their cookies to an attacker-controlled server. This cookie theft can be blocked by making cookies inaccessible to client-side script with the HttpOnly flag, which was introduced by Microsoft and has been supported in PHP since version 5.2.0.
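To make the two protections above concrete, here is an added example (not from the original article) that audits Set-Cookie headers for the HttpOnly flag and, as an assumption going beyond the article, for the Secure attribute that keeps a cookie off plaintext HTTP; the header values are constructed samples and the helper names are hypothetical.

```python
"""Audit Set-Cookie headers for HttpOnly and Secure (hypothetical helper)."""
from dataclasses import dataclass, field


@dataclass
class CookieAudit:
    name: str
    http_only: bool
    secure: bool
    findings: list = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Split one Set-Cookie header into name and attribute flags."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    # Attribute names are case-insensitive; flags like HttpOnly carry no value.
    attrs = {a.split("=", 1)[0].strip().lower() for a in parts[1:] if a}
    http_only = "httponly" in attrs
    secure = "secure" in attrs
    findings = []
    if not http_only:
        findings.append("missing HttpOnly: readable by page script (XSS theft)")
    if not secure:
        findings.append("missing Secure: may be sent over plaintext HTTP (sniffing)")
    return CookieAudit(name.strip(), http_only, secure, findings)


def audit_headers(headers):
    """Map cookie name -> list of findings (empty list means hardened)."""
    return {a.name: a.findings for a in map(parse_set_cookie, headers)}


def harden(header: str) -> str:
    """Return the header with any missing HttpOnly/Secure attribute appended."""
    audit = parse_set_cookie(header)
    out = header.rstrip("; ")
    if not audit.http_only:
        out += "; HttpOnly"
    if not audit.secure:
        out += "; Secure"
    return out


# Constructed sample headers: one hardened, one bare, one half-protected.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "cart=item42; Path=/",
    "prefs=dark; Secure",
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(name, findings or ["ok"])
    print(harden("cart=item42; Path=/"))
```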
If you are still worried about the security of cookies, install the latest browser version and turn cookies off. Netscape Communicator offers three options: accept all cookies, accept only cookies from the same server, or deny all cookies. It also offers an additional option to alert you when a site tries to set a cookie, so that you can accept or decline it.