What is a Cookie? (2024)

Sean Michael Kerner

What is a cookie?

A cookie is information that a website puts on a user's computer. Cookies store limited information from a web browser session on a given website that can then be retrieved in the future. They are also sometimes referred to as browser cookies, web cookies or internet cookies.

Cookies can be accessed by the browser user, the site a user is on or by a third party that might use the information for different purposes. Common use cases for cookies include session management, personalization and tracking.

Cookies first appeared in 1994 as part of the Netscape Navigator web browser. They helped the browser understand if a user had already visited a given website. Netscape developer Lou Montulli invented the initial cookie implementation. He was granted U.S. Patent No. 5,774,670A, with the description, "Persistent client state in a hypertext transfer protocol based client-server system."

Types of cookies

There are multiple types of cookies that run in modern web browsers. Different types of cookies have specific use cases to enable certain capabilities.

HTTP cookies. This is the overall category of computer cookies used with modern web browsers to enable specific capabilities. All the cookies in this list -- except for flash cookies -- are forms of HTTP cookies.
Session cookies. A session cookie is only persistent while the user is navigating or visiting a given website.
Persistent cookies. Also sometimes referred to as permanent cookies, these persist for a configurable length of time or until a certain date that is set by the web server.
First-party cookies. Also known as SameSite cookies, the cookie and information it contains is restricted to the same site on which it was set.
Third-party cookies. These cookies are not restricted to the initial site where the cookie was created. Third-party cookies enable entities other than the original site to access them for user tracking and personalization purposes.
Zombie cookies. This refers to a type of cookie that persists, even after the user attempts to delete it.
Flash cookies. These are not browser or HTTP cookies but, rather, a specific type of cookie that works with Adobe Flash. With the decline in the use of Flash, these cookies are no longer widely used.
Secure cookies. These are first- and third-party cookies that can only be sent over encrypted HTTPS connections.

Are cookies safe?

Cookies have been part of daily internet operations for decades and are generally safe. However, third-party cookies are sometimes seen as intrusive.

Third-party cookies enable entities to track user behavior in a way the user might not be aware of -- and they may infringe upon the user's privacy. Advertisers often use third-party cookies to track user activity to provide targeted ads to the user. This is a privacy concern for many who don't want to be tracked or have their browsing habits shared. Cookies that can identify users are now subject to General Data Protection Regulation and California Consumer Privacy Act regulations.

View alternatives for providing targeted advertising to internet users here.

There is also the potential for threat actors to hijack third-party cookies. This would give them access to user information and enable them to launch other attacks. These attacks include session hijacking, cross-site scripting and cross-site request forgery.

Unsecured cookies can also be a potential security risk for users and website operators. An unsecured cookie is transmitted unencrypted over HTTP to the origin website or to a third party. If the information is something simple -- such as whether the user has visited the site before -- that's a minimal risk. But some sites may use cookies to store user information -- including personally identifiable information such as authentication credentials and payment card information. If that type of information is sent unencrypted, it can be intercepted and used by a criminal. A secure cookie only enables cookie information to be sent via HTTPS and does not have the same risk.

Learn how to encrypt and secure a website using HTTPS here.

How to manage cookies

Every major web browser has a set of controls to help users configure what types of cookies to accept and delete. Cookies can be managed via user preferences.

Apple Safari

Open Safari.
Click Safari > Preferences in the upper left-hand corner of the screen.
Click on Privacy. An option to block all cookies will appear.
Check the box next to block all cookies to disable all cookies.
Uncheck it to enable all cookies.
In the same window, there is a box marked Manage Website Data; this is where all the collected cookies can be viewed and managed.
Check the Prevent cross-site tracking option to block only third-party cookies.

Google Chrome

Open Chrome.
Type chrome://setting/cookies to get to the cookie management settings. This enables users to allow all cookies and block third-party cookies. It also provides the option to clear cookies and site data when all windows are closed.
To more easily clear all cookie data, type chrome://settings/clearBrowserData. Users will then see a checkbox that they can click to clear all cookies.

Microsoft Edge

Open Microsoft Edge.
Type edge://settings/content/cookies in the menu bar to get to the cookies and site data menu. This enables users to allow all cookies or block third-party cookies.
The cookies and site data menu also provides the option to clear cookies and site data when all windows are closed.
To remove stored cookies, type edge://settings/site/Data in the menu bar. Then click Remove all to remove all cookies or click Remove third-party cookies.

Mozilla Firefox

Open Firefox.
Type about:preferences#privacy in the menu bar to get to the Browser Privacy settings.
There are multiple options in the Browser Privacy settings, including tracking protection to block third-party cookies.
There is also a button on the Browser Privacy setting window under cookies and site data. It is labeled Clear Data and allows users to delete cookies.

This was last updated in August 2021

Continue Reading About cookie

How to manage cookie privacy in the enterprise

How to manage cookies across web browsers

What the loss of third-party cookies means for IT departments

Many search engine users unaware of personal data collection

The death of third-party cookies: What marketers need to know

Related Terms

citizen development: Citizen development is a business process that encourages non-IT-trained employees to become software developers, using ... Seecompletedefinition
natural user interface (NUI): A natural user interface -- or NUI -- is an interface that is designed to feel as natural as possible. Seecompletedefinition
prompt engineering: Prompt engineering is an AI engineering technique encompassing the process of refining LLMs with specific prompts and recommended... Seecompletedefinition

Dig Deeper on Software design and development

As an expert in web technologies and internet privacy, I've been deeply involved in studying and understanding the concepts related to cookies, their functionality, implications for privacy, and the various types and management across different web browsers.

Cookies are small pieces of data that a website stores on a user's computer. They serve several purposes, including session management, personalization, and tracking. They were first introduced in 1994 as part of Netscape Navigator and were designed to help browsers recognize whether a user had previously visited a particular website. Lou Montulli, a Netscape developer, invented the initial cookie implementation.

There are several types of cookies:

Session cookies: These exist only during a user's session on a specific website and are deleted when the browser is closed.
Persistent cookies: Also known as permanent cookies, they remain on a user's device for a set period or until a specific date.
First-party cookies: Limited to the site that set them.
Third-party cookies: Accessible to entities other than the site where they were created, often used for tracking and personalization.
Zombie cookies: Persist even after attempted deletion.
Flash cookies: Specific to Adobe Flash, but have declined in use with the decrease in Flash usage.
Secure cookies: Can only be sent over encrypted HTTPS connections.

Despite being an integral part of internet operations, cookies, especially third-party ones, raise concerns about privacy. They allow entities to track users without their explicit knowledge, potentially infringing on privacy rights. Third-party cookies, particularly those that can identify users, fall under the purview of regulations like the GDPR and California Consumer Privacy Act.

Moreover, there are security risks associated with cookies. Unsecured cookies transmitted over HTTP can be intercepted, potentially compromising sensitive information like authentication credentials or payment details.

Managing cookies is crucial for users concerned about privacy and security. Major web browsers offer controls to manage cookies:

Apple Safari: Allows users to block or manage cookies via preferences.
Google Chrome: Users can control cookie settings and clear cookie data.
Microsoft Edge: Provides options to allow or block cookies and clear stored data.
Mozilla Firefox: Offers settings to manage tracking protection and clear cookies.

By using these controls, users can decide which cookies to allow or block based on their privacy preferences.

In conclusion, cookies serve various purposes on the internet but raise significant privacy and security concerns. Understanding their types and managing them through browser settings is essential for maintaining a balance between personalized web experiences and safeguarding privacy and security online.