Made in italy since 1919
Go Back

A cookie is a technology for remembering information

A cookie is a small text file which is stored by the user’s browser.
The cookie only contains data, not code, so it can’t contain a virus or spyware, they can only ever store information.

A cookie remembers information about a specific website, this information is restricted to a specific domain. The domain prevents other websites from accessing each other’s cookies. However there are ways that websites can share information as we’ll see.

Session cookie

A session cookie expires when the user closes their browser, and sometimes just after a certain period of time has elapsed (for example, on mobile devices, where the concept of ‘closing your browser’ is less relevant). Sessions are therefore ideal to remember – for example – if a user has logged in to a website. When they close their browser they are automatically logged out. They are usually considered relatively unobtrusive from a privacy perspective.

Persistent cookie

A persistent cookie expires after a fixed date, for example after one year. They are not cleared when the user closes their browser. A common use of a persistent cookie is the “Keep me logged in” box found beneath many login areas. For this to work, the cookie must be stored after the user closes their browser. However persistent cookies are also used to track users in unexpected ways. For example, if you visit Google they give you a unique cookie to track you with. They can then use this cookie to recognise and link your behaviour between their many sites – they might for example know what you search for, what websites you visit etc. They can then use this information to target advertising at you on those same sites.

First party cookies

A first party cookie is restricted to the same domain as the website you are viewing. For example, if you were visiting, a first party cookie would only be readable by pages inside

Third party cookies

A third party cookie is set by a domain other than the one the user is visiting. For example, if a user visits, a third party cookie might be set by Now if the user visits, this website could also use the third party cookie set by In effect, the user is recognised between sites. The reality is more complex. In this example neither or can actually see the cookies being set, only can. However there is nothing stopping from collecting information in this way and sharing it with others, including the other two websites. Third party cookies are most commonly used for tracking users by advertising networks, search engines and social media sites. For something like the Facebook Like button to work on websites other than Facebook’s, third party cookies are essential. However, because they allow tracking between websites that a user may not expect, they are generally frowned upon by privacy advocates. How browsers control cookies All major browsers provide security controls for cookies. Generally these allow users to choose to block all cookies, to only allow specific cookies, or to block third party cookies. The official standards for cookies (RFC 2109 and RFC 2965) say that by default browsers should block third party cookies. However almost all browsers permit them, as long as the website setting the cookie has a P3P privacy policy installed, which is a simple system for stating what your website’s privacy policy is. In reality, a P3P policy can be empty or unused, allowing third party cookies regardless.