, also known as an HTTP cookie
, web cookie
, or browser cookie
, is usually a small piece of data sent from a website and stored in a user's web browser
while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity.
Cookies were designed to be a reliable mechanism for websites to remember the state
of the website or activity the user had taken in the past. This can include clicking particular buttons, logging in
, or a record of which pages were visited by the user even months or years ago.
Although cookies cannot carry viruses
, and cannot install malware
on the host computer, tracking cookies
and especially third-party tracking cookies
are commonly used as ways to compile long-term records of individuals' browsing histories — a major privacy concern
that has prompted European and US law makers to take action.
Other kinds of cookies perform essential functions in the modern Web. Perhaps most importantly, authentication cookies
are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in under. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate himself by logging-in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser
. If not implemented correctly, a cookie's data can be intercepted by a hacker
to gain unapproved access to the user's data and possibly to the originating website.