Learning Objectives
- Explain what a cookie is and how websites and browsers use cookies.
- Distinguish session cookies from persistent cookies.
- Explain how cookies support personal details, preferences, shopping carts and login details.
- Evaluate cookie use in practical scenarios while remaining within syllabus scope.
Key Terms
- Cookie
- Small data stored by a browser for a website and returned when relevant communication occurs.
- Session cookie
- A temporary cookie used for the current browsing session.
- Persistent cookie
- A cookie stored beyond the current session until its expiry or deletion.
- Session
- A period of interaction between a user and a website.
- Preference
- A user choice, such as language or display setting, that can be remembered.
- Shopping cart
- A temporary record of items selected for possible purchase.
- Login details
- Information used to identify or authenticate a user; a site may store a related login preference or session identifier in a cookie.
- Personalisation
- Adapting a website experience using stored information about the user or session.

What A Cookie Is
A cookie is a small item of data associated with a website and stored by the web browser. When the browser later communicates with the relevant website, it can send the applicable cookie data. This allows the server to recognise information about the session or returning browser.
A cookie is not a program that independently runs like an application. It is stored data. The meaning of that data is determined by the website that created it.
Cookies help overcome the fact that separate web requests do not automatically provide a complete memory of earlier interaction. A cookie can carry an identifier or selected information so that the website can connect one request with an existing session or preference.
Session Cookies
A session cookie is intended for the current browsing session. It is useful for information that only needs to remain available while the user is actively using the site.
An online shopping cart is a common example. As the user moves from one page to another, the website must continue to associate selected items with that user session. A session cookie can help maintain this association.
Session cookies are normally removed when the session ends, such as when the browser is closed, although exact behaviour can depend on the browser and session handling. The syllabus distinction is that they are temporary compared with persistent cookies.
Persistent Cookies
A persistent cookie remains stored beyond the current session, normally until an expiry time is reached or the cookie is deleted. It can allow a website to recognise a returning browser.
Persistent cookies can store or refer to user preferences, such as a chosen language. They can also support remembered login settings or saved personal details where the user has agreed to that behaviour.
Because persistent cookies remain for longer, they can provide convenience but also create privacy concerns. Browser privacy settings can control or remove stored cookies.
Required Uses Of Cookies
The syllabus identifies several uses. Cookies can help save personal details, track user preferences, hold items in an online shopping cart and store login details. In a careful technical explanation, note that a cookie may store an identifier linked to information held by the server rather than storing every item of information directly.
Tracking preferences means remembering choices that change the user experience. Holding a cart means maintaining continuity between page requests. Storing login details may mean remembering a user identity or maintaining an authenticated session; it should not be assumed that a plain-text password is safely stored in a cookie.
Security And Privacy Considerations
Cookies can make websites easier to use, but a user should understand that they can also be used to recognise a returning browser and observe preferences. Privacy settings allow the user to restrict, inspect or delete cookies.
A cookie does not by itself prove that the person using a device is the original user. On a shared computer, a persistent login-related cookie can allow another person to access an account if the session has not been properly protected. Logging out and using suitable privacy settings reduce this risk.
Session And Persistent Cookies Compared
| Feature | Session Cookie | Persistent Cookie |
|---|---|---|
| Lifetime | Temporary for the current session | Remains beyond the session until expiry or deletion |
| Typical use | Maintaining a current cart or active session | Remembering preferences or recognising a returning browser |
| Convenience | Keeps related page requests connected | Avoids re-entering selected settings on later visits |
| Privacy consideration | Usually shorter-lived | Can track or remember information over a longer period |
Worked Examples
Choosing A Cookie Type
Question: A website needs to remember a learner’s selected language when the learner returns next week. Which type of cookie is most suitable?
- Identify that the information must remain after the current browser session.
- Compare the lifetime of session and persistent cookies.
Answer: A persistent cookie is suitable because it remains stored beyond the current session and can remember the language preference.
Maintaining A Shopping Cart
Question: Explain how a cookie can help maintain an online shopping cart while a user moves between pages.
- The website creates a session or cart identifier.
- The browser stores the cookie.
- The browser returns the identifier with later requests.
- The server uses it to retrieve the correct cart for that session.
Answer: The cookie lets the website connect separate page requests to the same cart or user session.
Examination Guidance
- Define the cookie before describing its use.
- When comparing types, make the lifetime difference explicit.
- Link a persistent cookie to a later visit and a session cookie to the current session.
- Avoid claiming that cookies are always harmful or always secure.
Common Mistakes
- Describing a cookie as executable malware.
- Saying every cookie disappears immediately after a page is changed.
- Claiming that a persistent cookie is permanent and can never be deleted.
- Assuming a cookie must contain the user’s password in readable form.
Knowledge Check
1. What is a cookie?
2. How does a session cookie differ from a persistent cookie?
3. Give two syllabus uses of cookies.
4. Which cookie type is suitable for remembering a preference on a later visit?
5. Why can persistent cookies create a privacy concern?