A cookie is a small piece of data that a web server asks a browser to store and send back with future requests to the same site.
Cookies help websites remember information across multiple page loads, such as login state, preferences, or tracking identifiers. Each cookie is associated with a domain and path and can have attributes that control its lifetime and visibility.
Because cookies travel with HTTP requests, they are a common mechanism for implementing sessions. Cookies can be either first party, set by the site you are visiting, or third party, set by other domains such as advertisers.
Strengths and Limitations
Cookies are simple and widely supported, which makes them a default tool for state on the web. Security attributes like HttpOnly and Secure help protect cookies from JavaScript access or unencrypted transmission.
However, misconfigured cookies can expose tokens or session identifiers to attackers. Browser privacy features and regulations have also introduced stricter rules around tracking cookies and consent.
For larger applications, cookies are often used only as a way to carry a session id while actual data lives on the server side. When designing systems with AI, it is useful to clarify whether state will be stored in cookies, local storage, or server side sessions.