Cookies are text files that are created when users visit websites. Cookies are used to tell the server that users have returned to a particular website. When users return to a website, a cookie provides information and allows the site to display in customized formats and to show targeted content such as advertising.

They store information such as shopping cart contents, registration or login credentials, and user preferences. This is done so that when users revisit sites, any previously provided information or preferences can be retrieved easily.  

Advertisers use cookies to track user activity across sites so they can better target ads. While this type of activity is offered as a more personalized user experience, some view this as a privacy concern.


The cookie was created in 1994 by Lou Montulli of Netscape Communications to create a more seamless experience for commercial transactions online. The term "cookie" was derived from an earlier programming term, "magic cookie," which was a packet of data programs send and receive unchanged.

Type of Cookies

Session Cookie Session cookies are also known as transient cookies or per-session cookies. Session cookies store information while the user is visiting the website. These cookies are deleted once the user closes the session.

Persistent Cookie Persistent cookies are stored for a specific length of time. These cookies remain on your hard drive until they expire or are deleted. Persistent cookies are sometimes called tracking cookies because they are used to collect user information such as browsing habits and preferences.

First-Party and Third-Party Cookies First-party cookies are cookies set by sites users directly visit. These often store information that is relevant or related to the site, such as preferred settings or user location.

Third-party cookies are cookies that come alongside third-party content on sites users visit. Examples of third-party content include embedded videos, ads, web banners, and scripts. Each of these can set a cookie in a computer. Advertisers often use third-party cookies to track user behavior.

Supercookie Supercookies are similar to session cookies in that they also track user behavior and browsing histories. However, they also have the ability to re-create user profiles, even after regular cookies have been deleted. Supercookies are also stored in different places than standard cookies. This makes detecting and removing them more difficult to the average user.  Supercookies are sometimes called "zombie cookies" or "evercookies."

Flash Cookie Flash cookies or "local shared objects" (LSOs) are data files that are stored on computers by websites that use Adobe Flash. Like browser cookies, Flash cookies can store user information in Flash applications. Flash cookies are sometimes used by sites as "backup" once the browser cookie is deleted.

Security Implications of Cookies

While cookies cannot carry or install malware onto computers, cookies can be exploited by cybercriminals for their malicious schemes. Cybercriminals can steal cookies to steal information such as user credentials, histories, and financial information.  


Since its conception, cookies have long been viewed as having serious implications with user privacy. In 1996 and 1997, cookies were the topic of US Federal Trade Commission hearings. The Internet Engineering Task Force (IETF) formed a special working group to address the specifications of cookies. In February 1997, the IETF specified that third-party cookies were not allowed, or at least enabled by default. This recommendation was superseded in October 2000. However, the newer standard in 2011 allows the use of third-party cookies.

Other efforts to address possible privacy issues include the "Do Not Track (DNT)" header mechanism for browser. Once enabled, the DNT header will notify that users do not want to be tracked and that any tracking or cross-site user tracking must be disabled. Mozilla Firefox was the first browser to implement the feature, followed by Internet Explorer, Safari, Opera, and Google Chrome.

What should users do?

  • Tweak built-in browser settings to delete and manage cookies
  • Opt not to use cookies in websites (though this can limit functionality and available features)
  • Control Flash cookies via the Adobe Flash Player Settings Manager
  • Install browser extensions to detect and delete Flash cookies