What is a Cookie?
Turkish: Cookie
A cookie is a small browser-stored value tied to a domain, used for sessions, preferences, consent, and limited tracking.
What is a Cookie?
A cookie is a small key-value record that a website stores in the browser. When the browser sends another request to the same domain, it includes the relevant cookies, allowing the site to keep a session active, remember a language preference, or store permitted measurement data.
How Does It Work?
The server sends a Set-Cookie header in the response. The browser stores the value together with attributes such as domain, path, lifetime, and security flags. Later requests include it in the Cookie header. Because users can inspect and modify cookie values, passwords and sensitive personal data should not be stored in plain text.
Important Flags
- HttpOnly: Prevents JavaScript from reading the cookie, reducing the impact of XSS.
- Secure: Sends the cookie only over HTTPS.
- SameSite: Controls whether the cookie is sent with cross-site requests.
- Expires / Max-Age: Defines when the cookie is removed.
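The flags above can be checked mechanically on any response. The following is an added example, not code from the original page: it parses a Set-Cookie header value and reports which of the listed flags are missing. The function names, finding strings, and sample headers are assumptions constructed for illustration.

```javascript
// Added example, not from the original page. Sample headers are constructed.
function parseSetCookie(header) {
  // First ';'-separated part is name=value; the rest are attributes.
  const [pair, ...attrParts] = header.split(";");
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("Set-Cookie has no name=value pair");
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i === -1 ? "" : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs };
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const secure = "secure" in attrs;
  const sameSite = (attrs.samesite || "").toLowerCase();
  if (!("httponly" in attrs)) findings.push("missing HttpOnly");
  if (!secure) findings.push("missing Secure");
  if (!sameSite) findings.push("missing SameSite");
  else if (!["strict", "lax", "none"].includes(sameSite)) findings.push("invalid SameSite");
  // Major browsers reject SameSite=None cookies that are not also Secure.
  else if (sameSite === "none" && !secure) findings.push("SameSite=None without Secure");
  // No Expires/Max-Age means the cookie lasts only for the browser session.
  const lifetime = "expires" in attrs || "max-age" in attrs ? "persistent" : "session";
  return { name, lifetime, findings };
}

// Constructed sample headers.
const samples = [
  "session_id=3f9a1c7e; Path=/; HttpOnly; Secure; SameSite=Lax",
  "token=abc.def.ghi; Path=/; SameSite=None; Max-Age=3600",
  "lang=en; expires=Wed, 01 Jan 2030 00:00:00 GMT",
];
for (const s of samples) console.log(auditSetCookie(s));
```

A missing SameSite attribute is reported because the cookie then falls back to whatever default the browser applies.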
Sessions and Tracking
A session cookie usually carries a random identifier that points to server-side session state. Some systems store a JWT inside a cookie; in that case HttpOnly, Secure, and an appropriate SameSite setting are critical.
Analytics and advertising cookies need separate privacy treatment. Under GDPR and similar rules, non-essential cookies require consent, preference management, and a clear retention period.
Business Use
Cookie management is basic infrastructure for member areas, e-commerce carts, language or theme preferences, and measurement systems. A careful cookie policy affects user experience, security, and compliance risk at the same time.
Related Terms
- GDPR: GDPR regulates personal data processing for people in the EU and EEA, defining transparency duties, individual rights, and controller obligations.
- JWT (JSON Web Token): JWT is a signed and encoded JSON-based token standard used to carry verifiable claims between APIs, clients, and services.
- Session: A session links a user's identity and temporary state across requests in a web application, using server-side or client-side storage.
- Web Storage: Web Storage stores small key-value data in the browser through localStorage and sessionStorage for client-side state.