Overview
When a user visits a website, the website may issue web cookies. These are small text files that are stored on the user’s device. In this tutorial, we will discuss the different types of web cookies.
Types of Web Cookies
The different types of web cookies are as follows:
- Session Cookies
- Persistent Cookies
- First-party Cookies
- Third-party Cookies
- Zombie Cookies
- Secure cookies
- HttpOnly cookies
Session Cookies
Session cookies are temporary cookies deleted when users close their web browser. They are used to remember information for a visitor’s session on a website. Session cookies store a user’s online activities during a session. For example, they remember information when a user logs in until they log out or close the web application. The session cookie expires when the user logs out from the website or web application.
Persistent Cookies
Persistent cookies are assigned an expiration date and do not expire until that date is reached. They remain active even after users log out or close the web page. These cookies are stored in a subfolder within the browser’s installation folder. JavaScript can create, read, and delete cookies by using the document.cookie property.
First-party Cookies
First-party cookies are cookies issued by the website a user is currently browsing. For example, if the user visits example.com on the web browser, a cookie issued by the example.com domain is known as the first-party cookie.
Third-party Cookies
Third-party cookies are those issued by a domain other than the one a user is visiting, often used for tracking and online advertising. For example, if the user visits example.com on the web browser, a cookie issued by the someexample.com domain is known as the third-party cookie w.r.t user’s browsing experience. Note that example.com and someexample.com are different domain names.
Zombie Cookies
Zombie cookies automatically recreate themselves after being deleted, making them difficult to remove. They use various methods to store out-of-sight copies on a user’s device.
Secure cookies
Secure cookies can only be transmitted over secure (HTTPS) connections.
HttpOnly cookies
HttpOnly cookies cannot be accessed via JavaScript, which can reduce the threat of certain types of attacks, like cross-site scripting (XSS).