Cookies can be classified as follows:
A session cookie only lasts for the duration of users using the website. A web browser normally deletes session cookies when it quits. A session cookie is created when no-Expires directive is provided when the cookie is created.
A persistent cookie will outlast user sessions. There expiry time can be set when a cookie is initially created.
A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitted from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
First-party cookies are cookies set with the same domain (or its subdomain) in your browser's address bar. Third-party cookies are cookies being set with different domains from the one shown on the address bar (i.e. the web pages on that domain may feature content from a third-party domain - e.g. an advertisement run by www.some-ad-co.com showing advertisement banners). (Privacy setting options in most modern browsers allow blocking of third-party tracking cookies).
A "supercookie" is a cookie with a public suffix domain, like .com, .co.uk etc.
Most browsers, by default, allow first-party cookies—a cookie with domain to be the same or sub-domain of the requesting host. A supercookie with domain .com would be blocked by browsers; otherwise, a malicious website, like attacker.com, could set a supercookie with domain .com and potentially disrupt or impersonate legitimate user requests to example.com.
A zombie cookie is any cookie that is automatically recreated after a user has deleted it. This is accomplished by a script storing the content of the cookie in some other locations, such as the local storage available to Flash content, HTML5 storages and other client side mechanisms, and then recreating the cookie from backup stores when the cookie's absence is detected.
Apart from server, java-script can also set cookies. This can be done as:
document.cookie = “name=value”
An HttpOnly cookie is not available for read/write by JS
|Email:||(Your email is not shared with anybody)|