Cookie types

Session cookie

A session cookie for a website only exists whilst the user is reading or navigating the website. When the user closes their web browser these cookies are usually removed.

Persistent cookie

A persistent cookie for a website exists on a users computer until a future date. For example the cookie expiry date could be set as 1 year, and each time a website is accessed over this period the website could access the cookie.

HttpOnly cookie

A HttpOnly cookie can only be used via HTTP or HTTPS, and therefore cannot be accessed by javascript. This reduces threat of session cookie theft via cross site scripting (XSS).

Secure cookie

A secure cookie can only be used via HTTPS. This ensures the cookie data is encrypted, reducing the expose to cookie theft via eavesdropping.

Third-party cookie

First-party cookies are cookies set with the same domain (or its subdomain) as your browser’s address bar. Third-party cookies are cookies set with domains different from the one shown on the address bar. The web pages on the first domain may feature content from a third-party domain, e.g. an advert run by www.advertexample.com. Privacy setting options in most modern browsers allow you to block third-party tracking cookies.