A cookie in web terms is a small piece of data that a website asks your browser to store, and which the browser sends back to that site on later requests. That round trip lets a site remember things between page loads — that you are logged in, what is in your cart, your language preference. Cookies exist because the web protocol itself is stateless: each request normally arrives with no memory of the last one, and cookies are how a site carries context forward. They matter because they power everyday conveniences and also sit at the center of online privacy debates. This explainer covers how cookies work, the main types, a concrete example, and the privacy angle.
How a cookie works
When you visit a site, its server can send a small named value back with the response and ask your browser to store it. Your browser saves it and, on every later request to that site, automatically attaches the cookie. The server reads it and recognizes the context — for example, a session identifier that says "this is the same logged-in user." The cookie itself is usually tiny and tied to a specific site and expiry time.
Because the web protocol does not remember anything on its own, this is the standard mechanism for keeping state across requests. If the stateless nature of the web is new to you, how HTTP works explains why cookies are needed in the first place.
The main types of cookie
| Type |
What it means |
Typical use |
| Session cookie |
Deleted when you close the browser |
Keeping you logged in for a visit |
| Persistent cookie |
Stored until an expiry date |
Remembering preferences over time |
| First-party cookie |
Set by the site you are visiting |
Login, cart, settings |
| Third-party cookie |
Set by another domain on the page |
Cross-site tracking and ads |
The privacy conversation centers on third-party cookies, which can follow you across different sites. First-party cookies that keep you logged in are far less controversial, and browsers in 2026 have steadily tightened restrictions on the third-party kind.
A concrete example
You log into an online store. The server checks your password once, then sends back a session cookie holding a random identifier. From then on, every page you load sends that cookie automatically, so the store knows it is still you without asking you to log in again on each click. Add an item to your cart and that state can be tied to the same session. Close the browser, and a session cookie disappears; a persistent one with an expiry would survive so the site remembers you next time.
Common misconceptions
- Cookies are programs that run on your computer. They are not. A cookie is just stored data; it cannot execute or directly harm your machine.
- All cookies track you. Many simply keep you logged in or store preferences. Cross-site tracking is mainly a third-party cookie concern.
- Clearing cookies makes you anonymous. It helps, but sites use other techniques too, so cookies are one piece of the privacy picture.
- A cookie can read your whole browser. A cookie is scoped to the site that set it and cannot freely read data belonging to other sites.
FAQ
What is a cookie used for?
To let a website remember things between requests — keeping you logged in, holding a shopping cart, storing preferences — since the web protocol itself does not remember between page loads.
Are cookies dangerous?
A cookie is just stored data, not a program, so it cannot run code or directly harm your device. The real concern is privacy, mainly from third-party cookies that track you across sites.
What is the difference between session and persistent cookies?
A session cookie is deleted when you close the browser. A persistent cookie stays until a set expiry date, so it can remember you across visits.
Does clearing cookies protect my privacy?
It helps reset tracking and logins, but sites also use other methods to recognize you. Clearing cookies is useful but not a complete privacy solution.
Where to go next
Learn how HTTP works, understand what a cache is, and see how to protect your privacy online.