Browse Definitions :
Definition

respawning cookie

Contributor(s): Matthew Haughn

A respawning cookie is a standard HTTP cookie backed up by data stored in additional files that are used to rebuild the original cookie when the user visits the originating site again.

Cookies can typically be blocked by private browsing modes on web browsers, browser settings to deny cookies or deletion by anti-malware software. As users found about cookies, many raised concerns about tracking. Disclosure of the use of cookies did not quiet this discontent and the use of standard cookies can still be a hot issue.

 A 2009 study,” Flash Cookies and Privacy,” showed that cookies were reappearing or “respawning” after deletion. The paper revealed that 50 percent of the 100 top websites were using a method of tagging user  browsers with a unique identifier that could not be easily deleted. That method is known as  persistent identification element (PIE). PIE uses JavaScript and Flash to create a tracking substitute. The storage technique is the same as that used for standard cookie data. Because of the backup data, HTTP cookies that are deleted can respawn.

 There are a couple of methods used to create respawning cookies. Flash cookies, also known as local storage objects (LSO) can be used to create a duplicated tracking record from which the original cookie is rebuilt. Flash cookies are less known and more hidden in the operating system than regular HTTP cookies.  As a result, they are less frequently deleted.  Because Flash cookies lack an expiration date and have a much larger file size (100KB max versus HTTP cookies 4K), they can be exploited to indefinitely store the tracking info that would be lost in the denied or deleted cookies while also storing much more information.

 HTML5 local storage and cache cookies through entity tags (ETags) are another method used to respawn HTTP cookies. ETags can store the same info as HTTP cookies. Again, the sites recognize the PIE and use covert backup to enable reconstitution of the cookie data.

Either of these methods offer members of a consumer tracking firm’s subscriber base more complete information about consumer comings and goings and, thus, interests that can inform marketing efforts.

Newer versions of Flash include options to delete the info required for respawning cookies. Previously, third-party utilities were required to remove them.  

The term respawning comes from multiplayer first-person shooter computer games. In these games, when your character dies, you can usually hit a key to restart and have the character “respawn” and reappear in another location.

This was last updated in October 2014

Continue Reading About respawning cookie

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

  • tokenization

    Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential ...

  • incident response

    Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also ...

  • Federal Information Security Management Act (FISMA)

    The Federal Information Security Management Act (FISMA) is United States legislation that defines a framework of guidelines and ...

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close