What are HTTP or Browser Cookies?

  • -
What are HTTP or Browser Cookies? JA Publications, Inc.

What are HTTP or Browser Cookies?

What’s a browser cookie?


Here goes.

You visit a website and your browser starts requesting all the files that constitute the website. So your browser asks the server, “Can I have ar15-cat.jpeg?” and the server says, “Yeah, here you go and take this thing and bring it with you when you come back for more files. So I know it’s you.” Your browser says “kthxbye” and then returns a nanosecond later: “Hi can I have invisible-gunner.jpg? Oh and here, I have this thing.” And then the server says, “Oh it’s you.”

At this point you’ve probably figured out that the mentioned thing is the cookie. That’s far from a complete description and it doesn’t explain why a server might want to recognize a browser but that’s stuff you can easily look up elsewhere and also I said we were going to keep this short.

There’s no such thing as third-party cookies.

Your browser maintains a collection of cookies. It receives a request from a website to store a cookie and it adds the cookie to the collection. There isn’t a collection of first-party cookies and a collection of third-party cookies. There’s just a collection of cookies.

The thing to understand is that there is no intrinsic difference between a first-party cookie and a third-party cookie. There are only cookies. The distinction only exists at runtime, within the context of a particular visit.

If a cookie is associated with a file requested from the same domain as the page you are viewing, it’s a first-party cookie. A cookie associated with a file requested from a different domain is a third-party cookie. That’s it.

Notice that the same cookie can be a first-party cookie one moment and a third-party cookie the next. For instance, when you visit twitter.com your browser sets several cookies associated wth the *.twitter.com domain name. In the context of your stay on Twitter these are first-party cookies. If you then visit huffingtonpost.com, Huffington Post requests files from twitter.com and those requests include the same *.twitter.com cookies, which are now third-party cookies.