CIPP/US Study Guide
Chapter 3: Introduction to Technological Aspects of Privacy

HTTP Cookies: Session vs Persistent, First vs Third Party

Because HTTP/HTTPS are stateless, HTTP cookies maintain continuity. Session cookies last until the browser closes; persistent cookies can last indefinitely. A domain can only read cookies it set - first-party cookies come from the visited site, third-party cookies from others.

HTTP and HTTPS are stateless, so HTTP cookies maintain continuity (e.g. staying logged in, keeping a cart filled). A domain can only read and write cookies that it set itself - one company's cookie cannot be read by others. The 'second party' is understood to be the user surfing the web.

Cookie classifications
Type | Lifespan / origin
Session cookie | Lasts only until the browser is closed
Persistent cookie | Can be saved indefinitely; duration set by the site that placed it
First-party cookie | Set by the site the user is actually visiting
Third-party cookie | Set by any other company (e.g. ad network, social network)
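
The classifications above, applied to Set-Cookie response headers, as an added example that is not part of the original study guide. The header values and host names (shop.example, adnet.example) are constructed, and comparing the last two host labels is a simplifying assumption; browsers decide "same site" with the Public Suffix List.

```javascript
// Added example: classify cookies from constructed Set-Cookie headers.
// Assumption: "party" is decided by comparing the last two host labels;
// real browsers use the Public Suffix List (needed for e.g. .co.uk).

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

function site(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

// pageHost: site the user is visiting; responseHost: host that sent Set-Cookie.
function classify(header, pageHost, responseHost) {
  const c = parseSetCookie(header);
  // Expires or Max-Age makes a cookie persistent; with neither it is a session cookie.
  const persistent = "max-age" in c.attrs || "expires" in c.attrs;
  // Without a Domain attribute the cookie belongs to the host that set it.
  const cookieHost = typeof c.attrs.domain === "string" ? c.attrs.domain : responseHost;
  return {
    name: c.name,
    lifespan: persistent ? "persistent" : "session",
    party: site(cookieHost) === site(pageHost) ? "first-party" : "third-party",
  };
}

// Constructed sample: a visit to shop.example whose page also loads an ad script.
const PAGE = "shop.example";
const SAMPLE = [
  ["cart=3f9a; Path=/; HttpOnly", "shop.example"],
  ["remember=u123; Max-Age=2592000; Domain=shop.example; Secure", "www.shop.example"],
  ["adid=abc; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=.adnet.example; SameSite=None; Secure", "cdn.adnet.example"],
];

function classifyAll() {
  return SAMPLE.map(([header, host]) => classify(header, PAGE, host));
}
console.log(classifyAll());
```

The two axes are independent: the `remember` cookie is persistent and first-party, while `adid` is persistent and third-party.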

Key terms - quick answers

What is “HTTP cookie”?
A small data file that links a device to its previous web actions, maintaining continuity because HTTP is stateless.
What is “Stateless”?
A property of HTTP/HTTPS meaning the protocols are not designed to remember past interactions with a particular user.
What is “Session cookie”?
A cookie stored only until the browser is closed, holding limited information about that session (e.g. keeping a user logged in or a cart filled during a visit).
What is “Persistent cookie”?
A cookie saved indefinitely (for a duration set by the website that placed it), able to recognize a user across days.