What are website cookies and how do cookies work

Sarath Pillai's picture
What are cookies in Websites

People in the computer industry must have heard the term "cookie" many times, non-technical people also are aware of the term cookie because of web browser usage. Some say its a privacy threat, and some people are in support of it. In this post we will go and have a look at what really is a cookie? Is cookie a security or privacy threat? how is cookie currently used and implemented? etc.

When and where was cookie developed?

The credit of the first implementation of cookies goes to the same company who came up with SSL/TLS, The source code of their browser in open source is now called Mozilla,they are non other than Netscape Communications.  

 Lou Montulli(an employee at Netscape) came up with the idea of cookies in 1994. Subsequently that cookie was supported in their Netscape navigator. The initial implementation identified if a visitor to the website is a new visitor(or already visited the site). Later on all other browsers started to implement them. 

What is a website cookie in simple words?

It is a small text file data that's transferred between the web server and the web browser. An important use of this data is that a web server can identify whether this user visited the site in the past. Cookies can also be used to track the activities of a user on a particular website. 

So in clear terms cookies help track browsing history of a user(due to this, ther is some sort of privacy threat posed by cookies).

Some kind of cookies are very useful for detecting the user status on a website, such as whether the user is logged in or not.

What are the uses of a website cookie?

Some of the common uses of a website cookie are mentioned below:

  • To identify and recognize a particular user on next visit to the website.
  • access to different part of the website can be controlled when a user is logged in a website by using a session cookie
  • can track unique visitors to the website with a unique id in the cookie. Its too hard to track a visitor on the basis of IP address.
  • can customize the presentation of a website based on the users interest with the help of cookies.


What are the different types of cookies?

The types of cookies with their uses are mentioned below:

Session Cookies:

session cookies are used for tracking a user's movement inside a website. Without session cookies you will be prompted for the same information while moving from one page to another. For example, if two pages require authentication to access them,although you already authenticated for accessing the first page, without a session cookie the other page will also ask for authentication.

On closing the web browser the session cookies gets deleted.

Persistent Cookies:

this kind of cookies is the one who helps the web server to remember the users choices during the site visit. For example this cookie remembers the users menu options, theme, favorites etc. 

the default mode of the website is presented when a user first visits the webs item, and through persistent cookies the website can track the required selections and customizations. This cookie will remain in the users browsing data for long time.

Secure Cookies:

SSL/TLS enabled sites or sites with HTTPS uses only Secure Cookies. This can prevent the eavesdropping of the cookie transferred between the server and the client. 

Third Party Cookie:

Third party cookies are mainly used for advertising purpose. The banner ads used by many websites make use of the third party cookies stored in your browser data to track your visited sites and interests and show ads based on that.

Suppose you are visiting www.example.com and this is showing ads from www.adexample.com. Now the first time you visit this www.example.com you will get 2 cookies (1 from www.example.com and 1 from www.adexample.com ). Suppose other domains are also using/showing ads from www.adexample.com, when you visit those other domains showing ads from www.adexample.com, www.adexample.com will come to know what all sites you visit(in short what s your interests).

This way third party cookies can be used to show custom ads based on your interest.

Super cookies:

Recently Microsoft was accused of using a more tougher version of cookies called super cookies. These cookies unlike others, are reported to be stored in different locations and can track all the websites you visit. Normally a cookie given by a Website domain "example.com" can only track the visit to that "example.com", but super cookies are set for TLD domains such as .com,.org,.in,etc.

Most web browsers only allows cookies for first party domains(which means it will accept cookies of the domain with that specific domain name on it).

Where can i find cookies on my machine?

Cookies of pages browsed through internet explorer can be found at the below location in windows 7.

C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Cookies

If you are unable to see the folder named "Cookies" in that folder, it might be hidden..You can easily change the folder options as shown below.

You need to uncheck the "Hide protected operating system files"

All the files you find there are text file cookies. You can open them and see the domain name that cookie belongs to.

If you are using mozilla firefox then the location is as below.


and its saved in sqlite DB format in a file called cookies.sqlite.

How to delete all cookies in firefox?

First select the firefox button from the top menu of the browser, then select "History" >> "Clear Recent History " or

can use the short cut "Ctrl + Shift + Del" this will open the below window.

select cookies only as you only want to clear cookies

What are the contents of a cookie file?

Each and every connection in HTTP protocol is made independant of each other, so by default without cookies there is no mechanism to track connections.

Read: HTTP (Hypertext Transfer Protocol) Request and Response

The initial request send by a client to the server in HTTP is a GET request for a web page. If you analyse apache server logs then you can see that the request pattern is some thing like the below.

 <dest IP>www.example.com <source ip> <TIME><GET /index.html>      

where the client first requests for the file index.html in the domain example.com.

the server replies to the client with the below things if it uses cookies.

  1. HTTP 200 OK reply
  2. web page content
  3. Set-cookie name and value

setcookie(name,value,expire,path,domain,secure) is the function used in php to set cookies in the client.

  • the "set-cookie" line tells the browser to store the servers cookie, and asks to send it back whenver required in the future.
  • the "Path" attribute in the setcookie function tells for which path on the site the cookie is required.
  • "Domain" attribute tells the browser the domain name the cookie belongs to.
  • "expires" tells the browser when to delete the cookie.
Rate this article: 
Average: 3.5 (139 votes)

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.