Cookies: A Basic Form of Data Persistence
Plus they’re delicious with milk…
There are a lot of misconceptions about how cookies work, and I hope that this article can help clarify what cookies are, how they work and how they are commonly used today.
Disclaimer: I’m not an expert on the subject, and I welcome constructive criticism.
Why Cookies Were Invented
The Internet was originally designed to be anonymous. In other words, websites did not know who a visitor was. For example, if the same person visited 2 days in a row, the website wouldn’t know whether (A) 2 different people accessed the website, or (B) the same person visited twice.
Anonymity sounds pretty good, right? Yes, anonymity is an attractive proposition in many ways, but it can be pretty inconvenient. Imagine the following scenario:
Scenario: You go to a grocery website and you add 30–40 groceries you need. You get up to go to the bathroom, and when you come back to your computer, you discover that your roommate closed the grocery website. You frantically go back to the grocery website, and to your chagrin, you discover that hours of carefully selected groceries were lost. The website has no idea that you’re the same visitor that added those 30–40 items. You have to start over from the beginning.

In the early 1990’s, many ideas were circulating on how to fix this. One of the most popular proposals at the time was to add a unique identifier to each web browser so that a website could track and identify each user. The downside with this proposal is that a user’s unique identifier could be used to track a user across the entire web, posing serious privacy concerns.
Netscape invented the Cookie to solve this problem
In 1994, Netscape launched a web browser. Within a year, 90% of Internet users were using Netscape as their browser.
Cookies were invented when Netscape wanted to add a shopping cart for an e-commerce website they were building. They wanted the shopping cart to remember what you put into it even if you hadn’t created a website account yet. Musing thought: Was this the beginning of conversion optimizations?
How Do Cookies Work?
You visit a website and your browser starts requesting all the files that constitute the website.
So your browser asks the server, “Can I have sleepy-cat.gif?” and the server is like, “Yeah, here you go oh and take this [cookie] and bring it with you when you come back for more files. So I know it’s you.”
Your browser says “kthxbye” and then returns a nanosecond later: “Hi can I have invisible-bike-cat.jpg? Oh and here, I have this [cookie].” And then the server goes, “Oh it’s you.”
— Rob Flaherty
How are cookies different from the “unique browser identifier” idea, with all of its privacy concerns?
Well, unlike a browser identifier, cookies were designed to only identify you to the same website that gave you cookies in the first place.
For example, if you go to twitter.com, twitter.com’s server will give you some cookies to recognize you next time. The cookie file might look like this:
UserID A9A3BECE0563982D www.twitter.comIf you, later, go to giphy.com, your browser will get a new, different cookie that might look like this:
UserID 1179203810 www.giphy.comAs such, websites can identify repeat visitors, but your user ID varies from website to website. So, in the example above, even if Twitter and Giphy shared their data, they wouldn’t know that you are the same user.
Cookies were designed to only be sent to the domain that gave them the cookie in the first place. So, your browser will not send the twitter.com cookie to giphy.com, or vice-versa.
Common Use Cases
- Authentication: Users don’t want to type in my credentials every time they visit a website. Some websites allow users to store an authentication token in their cookies using the “Remember me” checkbox:

- Content personalization: Websites will look at persistent cookies to personalize recommendations on their own website, like Amazon.com

- A/B tests: Websites can show two different versions of a website to different users by random selection to test out different designs and see how they affect user behavior. Cookies allow these website to show unauthenticated users the same version of the website throughout their visits (to reduce confusion) as long as cookies aren’t cleared.
- Auto-fill: Websites can autofill forms for you with information that you’ve already given them on another page on their website.
- Ad personalization: When websites share data such as cookies, ads can become more relevant by personalizing them based on your browsing history. For example, if you search for “Solar panel” on Amazon.com, Amazon.com might add that search term to your cookie and then authorize Facebook.com to show you Amazon.com solar panel ads.
Third Party Cookies — An Unforeseen Problem

The creator of cookies, Lou Montulli, specifically designed cookies to prevent tracking users’ activity across the web. And yet, they are widely used to do exactly that. How did that happen?
Lou Montulli admits he missed the loophole that advertisers are using and explains how it works:
A problem that I missed during the Cookie design phase was an interaction between cookies and embedded content within a webpage.
Webpages […] contain references to other resources [like images, videos, etc.] that are loaded to display the site that the user sees. […]
This referencing technique is one of the things that make the Web so amazingly powerful. When Web Cookies are combined with embedded references that point to other websites they are called “3rd party cookies” and they represent a new way in which users can be tracked across multiple web sites.
— Lou Montulli, in his blog The Irregular musing of Lou Montulli
This sort of data sharing is a particularly controversial topic nowadays given (1) the recent Facebook data leak and (2) how a foreign government used personalized ads to influence the 2016 US Presidential election.
How Have Cookies Evolved?
Cookies have not changed a lot since they were invented 24 years ago. The biggest changes are how users can view and control cookies.
Nowadays, users can disable 3rd party tracking cookies. For example, in Chrome, you can go to chrome://settings/content/cookies and then check the box that says “Block third party cookies”

Are Cookies Going to Be Replaced?
Probably not. Cookies seem pretty essential to the Internet. If we replaced cookies, that would be a huge headache for web developers and probably a fruitless endeavor, since something else would crop up to accomplish advertiser’s goals.
A more likely scenario is that a combination of government policy and public pressure will keep pushing data privacy laws along and cookies will evolve to better protect user privacy.
About the Author:
My name is Nicolai and I’m currently a full-time student at Make School studying Web Development. I’ve been exposed to cookies in multiple different contexts. For example, as Make School’s former Head of Marketing, we used cookies to (1) run targeted ads, (2) run A/B tests, and (3) learn about user behavior in analytics tools like Mixpanel. Later, as Make School’s Head of Product, our Engineering team and I used cookies to (4) keep users logged in, (5) maintain progress through online tutorials before a user logs in, and (6) store referral and discount data. More recently, I’ve been learning about Data persistence in Make School’s BEW (Back End Web) curriculum.


