What is a cookie?

A cookie is a tiny piece of text that a website stores on your computer or mobile device. It contains information that the site can read later to remember things about you, like your login status, language preference, or items in a shopping cart.

Let's break it down

A cookie is made up of several parts:

  • Name - the label that identifies the cookie.
  • Value - the actual data stored (e.g., a session ID).
  • Domain - the website that created the cookie and is allowed to read it; the browser sends the cookie back only to that site.
  • Path - the part of the website (URL path) where the cookie is valid.
  • Expiration/Max‑Age - tells the browser when the cookie should be deleted.
  • Secure flag - if set, the cookie is sent only over HTTPS.
  • HttpOnly flag - if set, JavaScript on the page cannot read the cookie, helping protect it from certain attacks.
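
The parts listed above, as a server sends them in a Set-Cookie response header (where the expiration is written as Expires or Max-Age). This is an added example, not part of the original page; the function names, finding codes and sample header values are constructed for illustration.

```python
# Added example: parse Set-Cookie header values and report missing protections.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; Secure and HttpOnly carry no value.
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header_value):
    """Return (cookie name, list of finding codes) for one header value."""
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")      # may travel over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")    # readable by JavaScript on the page
    if "domain" in attrs:
        findings.append("wide-domain")    # also sent to subdomains
    return cookie["name"], findings


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly; Max-Age=3600",
    "session_id=abc123; Domain=example.com; Path=/",
    "lang=en; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Whether a finding matters depends on what the cookie holds: a language preference readable by JavaScript is usually acceptable, while a session ID without Secure and HttpOnly is not.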

Why does it matter?

Cookies let websites remember you between visits, which makes the web faster and more convenient. Without cookies, you would have to log in every time you open a page, lose items in a shopping cart, and see the site in your default language every visit. They also enable analytics and targeted advertising, which help sites improve and stay funded.

Where is it used?

  • Login sessions - keeping you signed in.
  • Shopping carts - storing items you add before checkout.
  • Preferences - language, theme, or layout choices.
  • Analytics - tracking how many people visit a page and what they do.
  • Advertising - showing ads that match your interests.
  • Security - protecting against cross‑site request forgery (CSRF) attacks.

Good things about it

  • Convenience - no need to re‑enter information on every visit.
  • Performance - servers can stay “stateless” and rely on cookies for user state.
  • Personalization - sites can tailor content to your preferences.
  • Security options - flags like Secure and HttpOnly add layers of protection.
  • Broad support - all modern browsers understand cookies.

Not-so-good things

  • Privacy concerns - cookies can be used to track users across many sites.
  • Security risks - if not set correctly, cookies can be stolen via XSS or used in CSRF attacks.
  • Storage limits - each cookie is small (usually ≤4 KB) and browsers limit the total number per domain.
  • User annoyance - frequent cookie consent pop‑ups can be intrusive.
  • Dependence on client - users can delete or block cookies, breaking functionality that relies on them.