A cookie is a file created by a website that contains small amounts of data and that is sent between a sender and a receiver. In the case of the internet, the sender would be the server where the web page is hosted, and the receiver is the browser that you use to visit any web page.
A cookie's main purpose is to identify the user by storing their activity history on a specific website, so that the most appropriate content according to their habits can be offered. This means that each time a website is visited for the first time, a cookie is saved in the browser with a little information. Then, when the same page is visited again, the server asks for the same cookie to fix the configuration of the site and make the visit as personalized as possible.
These cookies can have a simple purpose, such as knowing when the user last visited a certain web page, or something more important, as it is used to keep all the items placed in the shopping cart of a storeāan action that is saved in real time.
There are several types of cookies, but the most common are called session cookies, which have a short lifespan since they are deleted when you close the browser. We also have persistent cookies, which are used to track the user by saving information about their behavior on a website for a certain period of time. Persistent cookies can be deleted by cleaning the browser data, but some have an expiration date.
Secure cookies store encrypted information to prevent the data stored in them from being vulnerable to malicious third-party attacks. They are used only in HTTPS connections.
Servers use cookies in various ways. They can add a unique ID to them, which enables them to track a client as they access different areas of a site. They can store a login token, which will automatically log the client in, even if the client leaves the site and then accesses it later. They can also be used for storing the client's user preferences or snippets of personalized information, and so on.
Cookies are necessary because the server has no other way of tracking a client between requests. HTTP is called a stateless protocol. It doesn't contain an explicit mechanism for a server to know for sure that two requests have come from the same client. Without cookies to allow the server to add some uniquely identifying information to the requests, things such as shopping carts would become impossible to build, because the server would not be able to determine which basket goes with which request.