What is a cookie?
A website cookie is also known as an HTTP cookie. Cookies help organizations deliver a personalized and convenient user experience. Through cookies, websites can remember users, their logins, shopping carts, etc.
Cookies are small text files containing pieces of data that websites send to your browser or device, and they can be used to monitor and identify you.
Types of Cookies
First-Party Cookies
These are stored directly by the websites that the user visits. They allow website owners to collect analytics data, language settings, and other information that can enhance the user experience.
They are also called session cookies.
Third-Party Cookies
These are often created by domains that users might not visit. They are often used for online advertising purposes and are placed on a website through a script or tag. A third-party cookie is accessible on any website that loads the third-party server’s code.
They are also called persistent cookies, and they help create a convenient and faster website experience. They have an expiration date issued to them by the servers.
How did Cookies get invented?
Cookies were developed to create stateful sessions on the web. HTTP, the protocol the web uses, is stateless, and this was a problem when a website required users to authenticate every time they went to a new page or clicked something. Developers wanted websites to remember users and their sessions.
Lou Montulli, a developer at Netscape in the early ’90s, came up with the idea of a “magic cookie”. A magic cookie is a bit of data that is passed between two computer programs; the data is often a random key or token.
How Cookies work
When a user logs into a website, this is what the server does:
- checks the username and password
- creates and stores a session
- generates a unique session id
- sends back a cookie with the session id
Similarly, when the user makes requests to a website they have signed into, the browser sends the user’s cookie, containing the session id, back to the server. The server looks up the user’s session by that session id and returns the data for the request.
When the user logs out of the website, the browser sends a ‘sign out’ request to the server along with the user’s cookie; the server removes the session and tells the browser to remove the session id cookie. Afterwards, if the user wants to use the website again, they need to sign in again.
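The login, request and logout steps described above, as an added example that is not part of the original article. The cookie name sid, the function names and the sample account are assumptions made for illustration; the session store is an in-memory dictionary.

```python
import hashlib, hmac, secrets
from http.cookies import SimpleCookie

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

USERS = {"alice": _hash("correct horse")}  # constructed sample account
SESSIONS = {}  # server-side store: session id -> username

def login(username, password):
    """Check credentials, create a session, return the Set-Cookie value (None on failure)."""
    expected = USERS.get(username, "")
    if not hmac.compare_digest(expected, _hash(password)):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable session id
    SESSIONS[sid] = username
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # withheld on most cross-site requests
    return cookie["sid"].OutputString()

def session_id_from(cookie_header):
    """Extract the session id from the Cookie header the browser sends back."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar["sid"].value if "sid" in jar else None

def current_user(cookie_header):
    """Look up the session; unknown or forged ids map to no user."""
    return SESSIONS.get(session_id_from(cookie_header))

def logout(cookie_header):
    """Remove the server-side session and return a Set-Cookie value that expires the cookie."""
    SESSIONS.pop(session_id_from(cookie_header), None)
    expired = SimpleCookie()
    expired["sid"] = ""
    expired["sid"]["path"] = "/"
    expired["sid"]["max-age"] = 0
    return expired["sid"].OutputString()
```

Removing the entry from SESSIONS is what ends the session: a copy of the old cookie replayed after logout no longer maps to a user, whether or not the browser honoured the expiry.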