A cookie is a small text file that a website can write to your computer. It typically includes a unique ID for each visitor. Remember that there isn’t a one-to-one relationship between a “visitor” and a person. The “visitor” is an internet browser, like Chrome or Safari. There’s often a human behind that browser, but not always. A lot of internet traffic is from bots.
Here’s how it works. A browser makes a request to a website. The website wants to know if this is a new visit or a return visit, so it looks for the cookie on the browser. If the cookie exists, it registers a return visit. If the cookie doesn’t exist, it assigns an ID and writes that to a new cookie in the browser so the site can identify the visitor on your the next page request.
Cookies are necessary because the internet was built on anonymous, stateless connections. If it weren’t for cookies, every time a web browser requests a page, the server sees that request as a new, anonymous visitor. The web server doesn’t know if a visitor is new or if it’s made 100 requests before — unless it can read that cookie.
This anonymous, stateless environment presented a challenge for logins because every page view was a new, anonymous request. In order to “maintain state” – that is, to recognize a visitor as the same user across multiple page views — the website has to have something to identify that user. That’s what the cookie does.
Right now, your internet browser probably has cookies for hundreds of websites, and on some sites, like Amazon or Gmail, that cookie might keep you logged in. If you were to delete your cookies, the next time you visited any of those sites, you’d have to log in again.
