What are cookies? What are the differences between them (session vs. persistent)?

Available Languages

Download Options

  • PDF     (5.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (84.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (70.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:July 17, 2018
Document ID:117925

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes what HTTP cookies are and what the difference is between session cookies and persistent cookies.

    Background Information

    Cookies are strings of data that a web server sends to the browser. When a browser requests an object from the same domain in the future, the browser will send the same string of data back to the origin server.

    The data is sent from the web server in the form of an HTTP header called "Set-Cookie". The browser sends the cookie back to the server in an HTTP header called "Cookie".

    Here is an example of what an HTTP cookie transaction might look like:

    HTTP response from the web server:

    [...]
    Set-Cookie: first.lastname

    HTTP GET from the client:

    [...]
    Cookie: first.lastname

    In the sample transaction, the web server told the client to create the cookie "first.lastname". The next time the client requests an object from this domain it sends the cookie with the request. This illustrates how a web server might be able to recall certain information such as user logins.

    Types of Cookies

    There are two different types of cookies - session cookies and persistent cookies. If a cookie does not contain an expiration date, it is considered a session cookie. Session cookies are stored in memory and never written to disk. When the browser closes, the cookie is permanently lost from this point on. If the cookie contains an expiration date, it is considered a persistent cookie. On the date specified in the expiration, the cookie will be removed from the disk.

    There are several different fields a cookie can contain, separated by semicolons. The definitions are:

    expires

    expires="Wdy, DD-Mon-YYYY HH:MM:SS GMT"

    Determines when the cookie is to be deleted.


    path

    path=/

    Determines what path to return the cookie on. In this example, the cookie will be sent when going to the root path in a domain.


    domain

    domain=whatever.domain.com

    Specifies what domain the cookie is used for. If this does not match the domain currently being browsed to, it is considered to be a "3rd Party cookie" and will be rejected by the browser. This prevents one domain setting a cookie for a different domain.

    TAC Authored

    Contributed by Cisco Engineers

    • Stephan Fiebrandt
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products