What is Cookies and Why it is Used?

What is Cookies?

Cookies are little text files that websites save on the user’s device (such as a computer or mobile device) when the user visits the website. These files include information that the website may download and utilize the next time the visitor visits the site.

HTTP cookies are required for modern Internet use, yet they compromise your privacy. HTTP cookies, which are a required aspect of online browsing, assist web developers in providing you with more personalized, easy website visits. Websites may remember you, your website logins, shopping carts, and other information via cookies. They may, however, be a goldmine of private information for crooks to snoop on.

Different types of cookies – Magic Cookies and HTTP Cookies

Magic cookies :- The term “magic cookies” originated in the early days of computers and describes data packets that are delivered and received unchanged. This is frequently used to enter into computer databases, such a company’s internal network. The term “cookie” as we know it today predates this concept.

HTTP cookies :- HTTP cookies are a modified form of the “magic cookie” designed for web browsing. The “magic cookie” inspired web browser creator Lou Montulli in 1994. When he assisted a website for online shopping in repairing its overburdened servers, he duplicated this idea for browsers.

What Are Cookies Used For?

Websites utilize HTTP cookies to improve the user experience. Without cookies, you would have to log back in each time you left a website or, if you accidently closed the browser, rebuild your shopping cart. making cookies a crucial component of using the internet.

Session management :- Transient cookies and per-session cookies are other names for session cookies. While a person is browsing a website, session cookies save data. Once the user ends the session, these cookies are removed.

Persistent cookie :- Cookies that are persistent are kept for a certain period of time. Until they are erased or they expire, these cookies stay on your device. Because they are used to gather user data including browsing patterns and preferences, persistent cookies are also known as tracking cookies.

First-party and third-party cookies :- Cookies that are set by websites that users visit directly are known as first-party cookies. These cookies typically store data relevant to or related with the website, such as user preferences or location.
Cookies that are associated with third-party content, such as embedded videos, advertisements, web banners, and scripts, are referred to as third-party cookies. Third-party cookies are frequently used by advertisers to monitor user behaviour.

Tracking :- Shopping sites use cookies to keep track of the items that users have previously viewed, allowing the sites to propose more things that they may be interested in and store products in their shopping carts while customers browse elsewhere.


Unsecured cookies may potentially provide a security risk to website owners and users. The original website or a third party receives unencrypted data about an insecure cookie over HTTP. That’s a low danger if the information is something straightforward, like if the person has already visited the site. Some websites, however, may use cookies to store user data, including personally identifying information such as login passwords and payment card details. Unencrypted transmissions of such kind of data leave them open to interception and misuse by criminals. A secure cookie only permits the transmission of cookie data via HTTPS and does not carry the same danger.

Tagged : / / / / / / / /

Replace/Append Cookies in JavaScript

Replace/Append Cookies

When we assign a new cookie value to document.cookie, the current cookie is not replaced. The new cookie is parsed and its name-value pair is appended to the list. The exception is when you assign a new cookie with the same name (and same domain and path, if they exist) as a cookie that already exists. In this case, the old value is replaced with the new.

Reading Cookie

We can read cookies by a document.cookie. The problem occurs when we need the specific part of the cookie to perform some action.

Deleting Cookies

A cookie is deleted by setting a cookie with the same name (and domain and path, if they were set) with an expiration date in the past and if using max-age then must set a negative value.


Updating Cookies

A cookie is possible to update by setting a new value to a cookie with the same name.

Cookies Security Issues

  • Can misuse Client Details
  • Can track User
  • Client Can Delete Cookies
  • Client can Manipulate Cookies

Cookies Limitation

  • Support HTML4 / HTML 5
  • Each cookie can contain 4kb Data
  • Cookies can be stored in Browser and server
  • It is sent with each request
Tagged : / / /

How many create cookies in JavaScript?

JavaScript Cookies

Cookies are exposed as the cookie property of the Document object. This property is both readable and writeable.

You can see Cookies in Google Chrome by following chrome://settings/content/cookies

Creating Cookies

When you assign a string to document.cookie, the browser parses it as a cookie and adds it to its list of cookies. There are several parts to each cookies, many of them optional.

Syntax: –

document.cookie = “name=value”;
document.cookie = “name=value; expires=date; domain=domain; path=path; secure”;
document.cookie = “name=value; max-age=inSecond; domain=domain; path=path; secure”;


Creating Cookies

Optional Cookies Attribute:-


Whenever you omit the optional cookie fields, the browser fills them in automatically with reasonable defaults.


It is used to create persistent cookies. It is supported by all modern browsers except IE.

Type of cookies: –

  • Session Cookies – Cookies that are set without the expires/max-age field are called session cookies. It is destroyed when the user quits the browser.
  • Persistent Cookies – The browser keeps it up until their expiration date is reached.



It is used to create persistent cookies.

Type of cookies: –

  • Session Cookies – Cookies that are set without the expires/max-age field are called session cookies. It is destroyed when the user quits the browser.
  • Persistent Cookies – The browser keeps it up until their expiration date is reached.


document.cookie = “username=devops; expires=Monday, 3-Sep-2018 09:00:00 UTC”;


It specifies the domain for which the cookie is valid. If not specified, this defaults to the host portion of the current document location. If a domain is specified, subdomains are always included.

Ex: –


Path can be / (root) or /mydir (directory). If not specified, defaults to the current path of the current document location, as well as its descendants.

Ex: – document.cookie = “username=devops; path=/”;

Ex: – document.cookie = “username=devops; path=/home”;


Cookie to only be transmitted over secure protocol as https. Before Chrome 52, this flag could appear with cookies from http domains.

Ex: – document.cookie = “username=devops; secure”;

Tagged : / / / / /

What are cookies in JavaScript?


A cookie is a small piece of text data set by the Web server that resided on the client’s machine. Once it’s been set, the client automatically returns the cookie to the webserver with each request that it makes. This allows the server to place values it wishes to ‘remember’ in the cookie, and have access to them when creating a response.

How Cookie Works

How Cookie Works

How Cookie Works

How Dangerous Cookies are

Type of Cookies

  • Session Cookies – Cookies that are set without the expires field are called session cookies. It is destroyed when the user quits the browser.
  • Persistent Cookies – The browser keeps it up until their expiration date is reached.
Tagged : / / /