Cookies are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.
Pros:
1. Cookies are simple to use and implement: It is a lot easier to implement the usage of cookies than any other internet protocol.
2. Occupies less memory, does not require any server resources, and is stored on the user’s computer so no extra burden on the server.
3. We can configure cookies to expire when the browser session ends (session cookies) or they can exist for a specified length of time on the client’s computer (persistent cookies).
4. Cookies persist a much longer period of time than Session state: This means that you can use cookies for a lot more time than any other session rate.
5. They do not require any server resources since they are stored on client:
Cookies are stored on the client’s computers and are not dependent on any servers which makes them easier to implement.
6. They are easy to implement: The fact that cookies are supported on the client’s side means they are a lot easier to implement.
7. They can be configured to expire when the session ends: Cookies are easier to implement. They can be configured to end as soon as the client’s session expires.
8. They are domain-specific: Each domain has its own cookies. There is no domain that shares cookies with other domains. This makes them independent.
9. They can be disabled by the user: The fact that cookies are found on the clients’ side means they can be enabled and disabled by the user themselves.
10. They are simple to use: Cookies are much easier to use. This is the reason why they are enabled and disabled from the client’s side.
Cons:
1. They are not secured: As mentioned previously, cookies are not secure as they are stored in clear text they may pose a possible security risk as anyone can open and tamper with cookies.
2. Difficult to decrypt: You can manually encrypt and decrypt cookies, but it requires extra coding and can affect application performance because of the time that is required for encryption and decryption.
3. There are limitations in size: Several limitations exist on the size of the cookie text (4kb in general), number of cookies (20 per site in general). Each site can hold only twenty cookies.
4. Can be disabled: The user has the option of disabling cookies on his computer from the browser’s setting. This means that the user can decide not to use cookies on his browser and it will still work.
5. Cookies will not work if the security level is set to high in the browser:
If the browser security level is set to high, then this means that the cookies will be disabled because it will delete the cookies.
6. Users can delete cookies: The fact that users can delete cookies from their computers gives them more control over the cookies.
7. Users browser can refuse cookies, so your code has to anticipate that possibility: There are instances where users can decide to refuse the usage of cookies. If your code does not allow for this possibility, then it will make the procedure quite cumbersome.
8. Complex type of data not allowed: It allows only plain text (i.e. cookie allows only string content)
9. It is not secure: Cookies are not really secured. They can be interfered with by an external party.
10. They can easily be hacked: The fact that they are found on the client’s side means they can easily be hacked into and modified.
11. There is a limited number of cookie size that can be used: There is only a limited number of cookies that can be used by a browser or domain and this makes it really limiting.
12. Some people might just disable cookies on their browsers: It is easy and possible for a user to disable cookies on their browsers and this may create some problems in the functioning of the browser.
