What is a cookie?

A cookie is information that a website puts on a user's computer. Cookies store limited information from a web browser session on a given website that can then be retrieved in the future. They are also sometimes referred to as browser cookies, web cookies or internet cookies.

Cookies can be accessed by the browser user, the site a user is on or by a third party that might use the information for different purposes. Common use cases for cookies include session management, personalization and tracking.

Cookies first appeared in 1994 as part of the Netscape Navigator web browser. They helped the browser understand if a user had already visited a given website. Netscape developer Lou Montulli invented the initial cookie implementation. He was granted U.S. Patent No. 5,774,670A, with the description, "Persistent client state in a hypertext transfer protocol based client-server system."

Types of cookies

There are multiple types of cookies that run in modern web browsers. Different types of cookies have specific use cases to enable certain capabilities.

  • HTTP cookies. This is the overall category of computer cookies used with modern web browsers to enable specific capabilities. All the cookies in this list -- except for flash cookies -- are forms of HTTP cookies.
  • Session cookies. A session cookie is only persistent while the user is navigating or visiting a given website.
  • Persistent cookies. Also sometimes referred to as permanent cookies, these persist for a configurable length of time or until a certain date that is set by the web server.
  • First-party cookies. Also known as SameSite cookies, the cookie and information it contains is restricted to the same site on which it was set.
  • Third-party cookies. These cookies are not restricted to the initial site where the cookie was created. Third-party cookies enable entities other than the original site to access them for user tracking and personalization purposes.
  • Zombie cookies. This refers to a type of cookie that persists, even after the user attempts to delete it.
  • Flash cookies. These are not browser or HTTP cookies but, rather, a specific type of cookie that works with Adobe Flash. With the decline in the use of Flash, these cookies are no longer widely used.
  • Secure cookies. These are first- and third-party cookies that can only be sent over encrypted HTTPS connections.

Are cookies safe?

Cookies have been part of daily internet operations for decades and are generally safe. However, third-party cookies are sometimes seen as intrusive.

Third-party cookies enable entities to track user behavior in a way the user might not be aware of -- and they may infringe upon the user's privacy. Advertisers often use third-party cookies to track user activity to provide targeted ads to the user. This is a privacy concern for many who don't want to be tracked or have their browsing habits shared. Cookies that can identify users are now subject to General Data Protection Regulation and California Consumer Privacy Act regulations.

View alternatives for providing targeted advertising to internet users here.

There is also the potential for threat actors to hijack third-party cookies. This would give them access to user information and enable them to launch other attacks. These attacks include session hijacking, cross-site scripting and cross-site request forgery.

Unsecured cookies can also be a potential security risk for users and website operators. An unsecured cookie is transmitted unencrypted over HTTP to the origin website or to a third party. If the information is something simple -- such as whether the user has visited the site before -- that's a minimal risk. But some sites may use cookies to store user information -- including personally identifiable information such as authentication credentials and payment card information. If that type of information is sent unencrypted, it can be intercepted and used by a criminal. A secure cookie only enables cookie information to be sent via HTTPS and does not have the same risk.

Learn how to encrypt and secure a website using HTTPS here.

How to manage cookies

Every major web browser has a set of controls to help users configure what types of cookies to accept and delete. Cookies can be managed via user preferences.

Apple Safari

  1. Open Safari.
  2. Click Safari > Preferences in the upper left-hand corner of the screen.
  3. Click on Privacy. An option to block all cookies will appear.
  4. Check the box next to block all cookies to disable all cookies.
  5. Uncheck it to enable all cookies.
  6. In the same window, there is a box marked Manage Website Data; this is where all the collected cookies can be viewed and managed.
  7. Check the Prevent cross-site tracking option to block only third-party cookies.

Google Chrome

  1. Open Chrome.
  2. Type chrome://setting/cookies to get to the cookie management settings. This enables users to allow all cookies and block third-party cookies. It also provides the option to clear cookies and site data when all windows are closed.
  3. To more easily clear all cookie data, type chrome://settings/clearBrowserData. Users will then see a checkbox that they can click to clear all cookies.

Microsoft Edge

  1. Open Microsoft Edge.
  2. Type edge://settings/content/cookies in the menu bar to get to the cookies and site data menu. This enables users to allow all cookies or block third-party cookies.
  3. The cookies and site data menu also provides the option to clear cookies and site data when all windows are closed.
  4. To remove stored cookies, type edge://settings/site/Data in the menu bar. Then click Remove all to remove all cookies or click Remove third-party cookies.

Mozilla Firefox

  1. Open Firefox.
  2. Type about:preferences#privacy in the menu bar to get to the Browser Privacy settings.
  3. There are multiple options in the Browser Privacy settings, including tracking protection to block third-party cookies.
  4. There is also a button on the Browser Privacy setting window under cookies and site data. It is labeled Clear Data and allows users to delete cookies.
This was last updated in August 2021

Continue Reading About cookie

Dig Deeper on Software design and development

Cloud Computing
App Architecture