A cookie is a small piece of information sent by a website and stored in the user's browser, so that the website can consult the user's previous activity.
Its main functions are:
- Keeping track of users: when a user enters their username and password, a cookie is stored so that they do not have to re-enter them on every page served. Nevertheless, a cookie does not identify a single person, but a combination of computer, browser and user.
- Gathering information about the user's browsing habits, including spyware attempts by advertising agencies and others. This can cause privacy problems and is one of the reasons why cookies have their detractors.
Cookies can be deleted, accepted or blocked as desired; to do so, the web browser only needs to be configured appropriately.
Purpose
Cookies are commonly used by web servers to tell users apart and to behave differently depending on who they are.
One use of cookies is identification on a website. Users are typically identified by entering their credentials on a validation page; cookies then let the server know that the user has already been validated, so they may be granted access to services or allowed to perform operations that are restricted for unidentified users.
Other sites use cookies to customize their appearance according to user preferences. Sites that require identification often offer this feature, although it is also present on others that do not require it. Customization covers both presentation and functionality.
Cookies are also used to track users across a website. Tracking within a single site is usually done to maintain usage statistics, while tracking across sites is usually aimed at building anonymous user profiles for advertising companies, which then use them to target advertising campaigns (deciding which kind of advertising to show) based on those profiles.
Myths
Since their introduction on the Internet, misconceptions about cookies have circulated. In 2005 Jupiter Research published the results of a study in which a significant percentage of respondents believed one or more of the following statements:
- Cookies are similar to worms and viruses and can erase data from users' hard drives.
- Cookies are a type of spyware that can read personal information stored on users' computers.
- Cookies generate popups.
- Cookies are used to generate spam.
- Cookies are only used for advertising purposes.
In fact, cookies are data only, not code, so they cannot erase or read information from users' computers. Nevertheless, cookies can record the pages visited by a user at a given site or set of sites, and this information can be collected into a user profile. These profiles are usually anonymous, that is, they do not contain personal user information (name, address, etc.). In fact, they cannot contain it unless the user has supplied it to one of the sites visited. Even though anonymous, these profiles have raised some concerns about privacy.
According to the same report, a large percentage of Internet users do not know how to delete cookies.
Configuration
Most modern browsers support cookies. Nevertheless, a user can usually choose whether cookies should be used or not.
The browser may also include the ability to specify more precisely which cookies should be accepted and which not. Specifically, the user can normally choose any of the following options: reject cookies from certain domains; reject third-party cookies; accept cookies only as non-persistent (they are deleted when the browser is closed); allow a server to create cookies for a different domain. Furthermore, browsers can also allow users to view and delete cookies individually.
Privacy
Cookies have important implications for the privacy and anonymity of web users. Although cookies are only sent back to the server that set them, or to another server in the same domain, a web page may contain images and other components stored on servers in other domains. The cookies created during the requests for these components are called third-party cookies.
Advertising companies use third-party cookies to track users across multiple sites. Specifically, an advertising company can track a user across all pages where it has placed advertising images or web bugs. Knowing the pages visited by a user allows these companies to target advertising according to the user's presumed preferences.
The possibility of building a user profile has been viewed as a potential threat to privacy, even when tracking is limited to a single domain, but especially when it spans multiple domains using third-party cookies. For that reason, some countries have legislation about cookies.
The European Union's 2002 Directive on privacy in telecommunications contains rules about the use of cookies. Specifically, article 5, paragraph 3 states that storing data (such as cookies) on a user's computer may only be done if:
- the user receives information on how the data are used;
- the user has the possibility to reject this operation.
Nevertheless, this article also states that storing data that is necessary for technical reasons is permitted as an exception.
Drawbacks
In addition to the privacy issues already mentioned, there are other reasons why the use of cookies has met some opposition: they do not always identify users correctly, and they can be used in security attacks.
Inaccurate identification
If more than one browser is used on a computer, each has its own cookie store. Thus, cookies do not identify a person, but a combination of user account, computer and browser. Consequently, anyone who uses multiple accounts, several computers or multiple browsers also has multiple sets of cookies.
Likewise, cookies do not differentiate between several people using the same computer or browser if they do not use different user accounts.
Cookie theft
During normal operation, cookies are sent in both directions between the server (or group of servers in the same domain) and the computer of the user who is browsing. Because cookies may contain sensitive information (a username, a token used for authentication, etc.), their values should not be accessible from other computers. Nevertheless, HTTP cookies sent over ordinary sessions are visible to anyone who can listen on the network with a packet sniffer, so such cookies should not contain sensitive information. This problem can be solved by using HTTPS, which invokes Transport Layer Security to encrypt the connection.
Cross-site scripting allows the value of cookies to be sent to servers that would not normally receive that information. Modern browsers allow execution of code segments received from the server; if cookies are accessible during that execution, their values can be communicated by some means to servers that should not have access to them. The process by which an unauthorized party obtains a cookie is called cookie theft, and encryption does not protect against this type of attack.
This possibility is typically exploited by attackers on sites that allow users to submit HTML content. By introducing a suitable segment of HTML code in a submission, an attacker can receive the cookies of other users. Knowledge of these cookies can then be exploited by connecting to the sites where the stolen cookies are used, thereby being identified as the user from whom the cookies were stolen.
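As an added example (not part of the original article), a small Python check over Set-Cookie headers that flags the two exposures described above: a cookie without the Secure attribute is also sent over plain HTTP, where a packet sniffer can read it, and one without HttpOnly is readable by script running in the page. Secure and HttpOnly are standard cookie attributes; the sample header values are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class CookieAudit:
    name: str
    attributes: Dict[str, str]
    issues: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Split one Set-Cookie value into the cookie name and its attributes.
    Attribute names are case-insensitive, so they are stored lower-cased."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attributes: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attributes[key.strip().lower()] = value.strip()
    return CookieAudit(name=name, attributes=attributes)


def audit_session_cookie(header_value: str) -> CookieAudit:
    """Report the attribute gaps that make the theft scenarios above possible
    for a cookie that carries a session token."""
    audit = parse_set_cookie(header_value)
    attrs = audit.attributes
    if "secure" not in attrs:
        audit.issues.append("no Secure flag: also sent over plain HTTP, where a sniffer can read it")
    if "httponly" not in attrs:
        audit.issues.append("no HttpOnly flag: script injected into the page can read it")
    if "expires" in attrs or "max-age" in attrs:
        audit.issues.append("persistent cookie: a stolen copy stays valid after the browser closes")
    return audit


# Constructed sample headers, as a server might emit them (not real traffic).
SAMPLE_HEADERS = [
    "SESSIONID=8f3a2b9c; Path=/; Secure; HttpOnly",
    "SESSIONID=8f3a2b9c; Path=/",
    "SESSIONID=8f3a2b9c; Path=/; Secure; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_session_cookie(header)
        print(result.name, result.issues or "ok")
```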
Cookie forgery
Although cookies are supposed to be stored and sent back to the server unchanged, an attacker could modify the value of cookies before returning them. If, for example, a cookie contains the total value of a user's purchase on a website, changing that value could allow an attacker to pay the server less than they should for their purchase. The process of modifying the value of cookies is called cookie forgery, and it is often performed after cookie theft in order to make the attack persistent.
Nevertheless, most websites store only a session identifier in the cookie (a unique number used to identify the user's session) and keep the other information on the server itself. In this case, the problem of cookie forgery is virtually eliminated.
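As an added example (not the article's code), the two server-side answers to cookie forgery in Python: keeping only an opaque session identifier in the cookie with the purchase total stored on the server, as the text says most sites do, and, where data must live in the cookie, binding it with an HMAC tag so that a modified total is rejected instead of trusted. The key, the session store and the values are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed key for this example; a real deployment would load it from a
# secrets store (assumption, not something the article describes).
SERVER_KEY = b"constructed-example-key-not-for-production"

# Option 1 (what the text says most sites do): the cookie holds only an
# opaque session identifier and the purchase total stays on the server.
_SESSIONS: dict = {}


def create_session(order_total: float) -> str:
    session_id = secrets.token_urlsafe(32)
    _SESSIONS[session_id] = {"total": order_total}
    return session_id


def order_total_for(session_id: str):
    """Server-side lookup: an altered identifier simply matches no session."""
    record = _SESSIONS.get(session_id)
    return record["total"] if record else None


# Option 2: if state must travel in the cookie, attach an HMAC tag computed
# with the server key, so any change to the value breaks verification.
def _tag(value: str, key: bytes) -> str:
    mac = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def sign_cookie_value(value: str, key: bytes = SERVER_KEY) -> str:
    return f"{value}.{_tag(value, key)}"


def verify_cookie_value(cookie: str, key: bytes = SERVER_KEY):
    """Return the payload if its tag verifies, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    if not hmac.compare_digest(tag.encode(), _tag(value, key).encode()):
        return None
    return value


if __name__ == "__main__":
    signed = sign_cookie_value("total=49.99")
    print(verify_cookie_value(signed))                           # total=49.99
    print(verify_cookie_value(signed.replace("49.99", "0.01")))  # None
```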
Cross-site cooking
Each site should have its own cookies, so that a site such as malo.net is not able to modify or set cookies for another site such as bueno.net. Cross-site cooking vulnerabilities in browsers allow malicious sites to break this rule. This is similar to cookie forgery, but the attacker exploits non-malicious users with vulnerable browsers instead of attacking the website directly. The aim of these attacks may be to perform session fixation (session hijacking on a website).
Information from the Cookies policy. For more information on this subject, please consult the Guidance on the use of cookies from the Spanish Agency for Data Protection.