Cookie is a small file sent by a website and stored in a user’s web browser while browsing the website. It allows websites to remember information about a user and display custom information such as advertisements when the user returns.
What is a Cookie?
When you visit a website, the server can send a “Set-Cookie” header that instructs your browser to store a cookie. That cookie has a name and value, and may include attributes such as expiration time, domain, path, security flags, and more. On subsequent requests to the same site (and matching domain/path), the browser sends the cookie back to the server in the HTTP “Cookie” header.
Cookies solve the problem that HTTP is stateless (each request is isolated). Cookies let web applications maintain state—such as keeping you logged in, remembering your shopping cart, or storing site preferences.
Cookies come in different types:
- Session cookies: temporary cookies without an explicit expiration time. They live only during the browser session and are removed when the browser closes.
- Persistent cookies: cookies that have a set expiration or “max-age,” and remain stored across sessions until they expire or are deleted.
- First-party cookies: set by the site you are visiting (same domain).
- Third-party cookies: set by other domains (often via embedded content, ads, or external scripts) and used for cross-site tracking or advertising.
Cookies are widely used for:
- Authentication / sessions: remembering a logged-in user so they don’t need to log in on every page.
- Preferences / personalization: storing user settings like language, theme, and other custom options.
- Tracking & analytics: recording user behavior, visits, pages viewed, and enabling advertisers to serve tailored ads.
Because cookies can store user-level data and are used for tracking, privacy regulation and browser policy changes (e.g. blocking third-party cookies) are increasingly strict.
Not directly. Cookies are a technical mechanism for state and tracking. However, using cookies in a way that slows page load or violates privacy rules can indirectly affect usability and trust.
Yes. Users can view, delete, or block cookies using their browser settings. Most browsers have a section for cookie or site data.
It’s not safe to store sensitive data like passwords in cookies unless encrypted and secured. Instead, cookies often store session identifiers that reference server-side data.