
Cookie (computing)

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Cookie
Caption: Diagram of an HTTP cookie exchange between a client and a server
Other names: HTTP cookie, web cookie, browser cookie
Genre: HTTP header, World Wide Web
Inventor: Lou Montulli
Inception date: 1994
Company: Netscape Communications

In computing, a cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. Originally designed to provide a stateful experience for the stateless HTTP protocol, cookies are a fundamental mechanism for enabling sessions, personalization, and tracking on the World Wide Web. Their use, while ubiquitous, has generated significant debate regarding Internet privacy and information security.

Definition and purpose

A cookie is formally defined within the framework of the Hypertext Transfer Protocol as a set of name-value pairs transmitted in HTTP headers. Its primary purpose is to allow websites to remember stateful information, such as items added to a shopping cart in an online store, or to record a user's browsing activity, including which pages were visited. This capability is essential for maintaining a user session across multiple page requests, a function critical for the operation of modern web applications like Gmail or Facebook. Without such a mechanism, each interaction with a web server would be treated as an entirely new and independent connection.

Types of cookies

Cookies are broadly categorized by their lifespan and origin. A **session cookie** exists temporarily in memory and is deleted when the user closes the web browser; it is commonly used by e-commerce sites. A **persistent cookie** remains on the user's device for a duration set by its creator, often used for functions like login authentication on sites like Wikipedia. **First-party cookies** are set by the domain the user is directly visiting, such as The New York Times storing user preferences. **Third-party cookies** are set by domains other than the one visited, typically by embedded content like DoubleClick advertisements or Facebook "Like" buttons, and are primarily used for online advertising and cross-site tracking.

Implementation and structure

Technically, a cookie is created when a web server includes a `Set-Cookie` HTTP header in its response to a client request. A simple cookie structure includes a mandatory name and value, along with optional attributes such as `Domain`, `Path`, `Expires`, `Secure`, and `HttpOnly`. The `Domain` attribute dictates which servers the cookie should be sent to, while the `Secure` flag ensures transmission only over encrypted HTTPS connections. The `HttpOnly` flag, supported by browsers like Google Chrome and Mozilla Firefox, helps mitigate risks from cross-site scripting attacks by preventing client-side JavaScript access. The handling of these attributes is defined in specifications maintained by the Internet Engineering Task Force.

Privacy and security concerns

The ability of cookies, particularly third-party cookies, to track a user's activity across multiple websites has raised profound Internet privacy concerns. This tracking facilitates the creation of detailed user profiles for behavioral advertising by companies such as Google and Meta Platforms. Security vulnerabilities include **cookie theft** via packet sniffing on unsecured Wi-Fi networks, and **session hijacking** where an attacker uses a stolen cookie to impersonate a user. Cross-site request forgery attacks can also exploit cookies to perform unauthorized actions on a user's behalf on trusted sites like online banking portals.
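The attributes listed under "Implementation and structure" and the risks named above can be checked mechanically. The following is an added example, not part of the original article, that parses `Set-Cookie` values and reports which protections are missing. The sample headers are constructed, and the `SameSite` check covers a standard attribute the article does not list but which limits sending cookies with cross-site requests.

```python
# Added example: audit Set-Cookie values for the attributes discussed above.
# Every cookie name, value and domain here is constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = header_value.split(";")
    name, _, value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key.strip():
            # Attribute names are case-insensitive; flags have no value.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value):
    """Return (name, lifetime, findings) for one Set-Cookie value."""
    name, _value, attrs = parse_set_cookie(header_value)
    # Without Expires or Max-Age the browser keeps a session cookie.
    persistent = "expires" in attrs or "max-age" in attrs
    lifetime = "persistent" if persistent else "session"
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: may travel over plain HTTP (sniffing)")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by page JavaScript (XSS)")
    # SameSite is not listed in the article; it is the standard attribute
    # that limits sending cookies with cross-site requests (CSRF).
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cross-site sending not restricted")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: also sent to subdomains")
    return name, lifetime, findings


SAMPLE_HEADERS = [  # constructed examples
    "sid=abc123; Path=/",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Domain=example.com; Max-Age=31536000; Secure",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, lifetime, findings = audit_cookie(header)
        print(f"{name} ({lifetime}): {findings or 'no findings'}")
```
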

In response to privacy concerns, several major legal frameworks now regulate the use of cookies. The **General Data Protection Regulation** in the European Union and the **ePrivacy Directive** require websites to obtain informed consent from users before storing non-essential cookies. Landmark cases like the Court of Justice of the European Union ruling in *Planet49* have clarified the standards for valid consent. Similarly, the **California Consumer Privacy Act** grants residents of California rights over their personal information. Consequently, most major websites, including those operated by Microsoft and Apple Inc., now display **cookie consent banners** to comply with these regulations.