Make delicious recipes!


Cookies can be classified as follows:

  1. Session cookie

A session cookie only lasts for the duration of users using the website. A web browser normally deletes session cookies when it quits. A session cookie is created when no-Expires directive is provided when the cookie is created.

  1. Persistent cookie

A persistent cookie will outlast user sessions. There expiry time can be set when a cookie is initially created.

  1. Secure cookie

A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitted from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.

  1. HttpOnly cookie

The HttpOnly cookie is supported by most modern browsers. An HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, and not other browser cookies.

  1. Third-party cookie

First-party cookies are cookies set with the same domain (or its subdomain) in your browser's address bar. Third-party cookies are cookies being set with different domains from the one shown on the address bar (i.e. the web pages on that domain may feature content from a third-party domain - e.g. an advertisement run by showing advertisement banners). (Privacy setting options in most modern browsers allow blocking of third-party tracking cookies).

  1. Super cookie

A "supercookie" is a cookie with a public suffix domain, like .com, etc.

Most browsers, by default, allow first-party cookies—a cookie with domain to be the same or sub-domain of the requesting host. A supercookie with domain .com would be blocked by browsers; otherwise, a malicious website, like, could set a supercookie with domain .com and potentially disrupt or impersonate legitimate user requests to

  1. Zombie cookie

A zombie cookie is any cookie that is automatically recreated after a user has deleted it. This is accomplished by a script storing the content of the cookie in some other locations, such as the local storage available to Flash content, HTML5 storages and other client side mechanisms, and then recreating the cookie from backup stores when the cookie's absence is detected.

Apart from server, java-script can also set cookies. This can be done as:

document.cookie = “name=value”

An HttpOnly cookie is not available for read/write by JS

Like us on Facebook to remain in touch
with the latest in technology and tutorials!

Got a thought to share or found a
bug in the code?
We'd love to hear from you:

Email: (Your email is not shared with anybody)

Facebook comments:

Site Owner: Sachin Goyal