What is a Cookie?

Turkish: Cookie

A cookie is a small browser-stored value tied to a domain, used for sessions, preferences, consent, and limited tracking.

A cookie is a small key-value record that a website stores in the browser. When the browser sends another request to the same domain, it includes the relevant cookies, allowing the site to keep a session active, remember a language preference, or store permitted measurement data.

How Does It Work?

The server sends a Set-Cookie header in the response. The browser stores the value together with attributes such as domain, path, lifetime, and security flags. Later requests include it in the Cookie header. Because users can inspect and modify cookie values, passwords and sensitive personal data should not be stored in plain text.

Important Flags

  • HttpOnly: Prevents JavaScript from reading the cookie, reducing the impact of XSS.
  • Secure: Sends the cookie only over HTTPS.
  • SameSite: Controls whether the cookie is sent with cross-site requests.
  • Expires / Max-Age: Defines when the cookie is removed.

Sessions and Tracking

A session cookie usually carries a random identifier that points to server-side session state. Some systems store a JWT inside a cookie; in that case HttpOnly, Secure, and an appropriate SameSite setting are critical.
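The flags listed above can be checked mechanically on the Set-Cookie header a server emits. The following is an added example, not code from the original page: the function names and the sample header values are constructed for illustration.

```python
# Added example: audit a Set-Cookie header value for the flags described above.
# Function names and SAMPLES are constructed for illustration.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("warn: no HttpOnly, page JavaScript can read the cookie")
    if "secure" not in attrs:
        findings.append("warn: no Secure, cookie may be sent over plain HTTP")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("warn: no SameSite, the browser default applies")
    elif samesite not in ("strict", "lax", "none"):
        findings.append("warn: unknown SameSite value '%s'" % samesite)
    elif samesite == "none" and "secure" not in attrs:
        findings.append("warn: SameSite=None without Secure, rejected by browsers such as Chrome")
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("info: no Expires/Max-Age, removed when the browser session ends")
    return findings


# Constructed sample headers: a bare cookie, a hardened one, a misconfigured one.
SAMPLES = [
    "sid=abc123; Path=/",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    "pref=dark; SameSite=None; HttpOnly",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header)
        for finding in audit_set_cookie(header) or ["ok: all checked flags present"]:
            print("   ", finding)
```

The "info" finding is not a defect for a session cookie; it only records that the cookie has no explicit lifetime.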

Analytics and advertising cookies need separate privacy treatment. Under GDPR and similar rules, non-essential cookies require consent, preference management, and a clear retention period.

Business Use

Cookie management is basic infrastructure for member areas, e-commerce carts, language or theme preferences, and measurement systems. A careful cookie policy affects user experience, security, and compliance risk at the same time.