Why Is It Called 'Cookie'? — The Origin of the Term

The Story

In 1994, Lou Montulli, a 23-year-old engineer at Netscape, needed to solve a problem: how could a web server remember who a visitor was between page loads? HTTP is stateless — each request is independent. Montulli’s solution: store a small piece of data on the user’s computer and send it with every request.

He needed a name. He reached for an existing Unix concept: the magic cookie.

In Unix, a magic cookie was a short token passed between programs — usually for authentication. X11 used magic cookies to authorize access to the display server. The term itself came from the fortune cookie analogy: an opaque packet with a hidden message inside. You hand it to someone, they open it, and the message is revealed. You don’t eat the cookie — you read it.

Montulli shortened “magic cookie” to just “cookie,” and HTTP cookies were born. He implemented them in Netscape Navigator 0.9beta in 1994, and the web was never the same.

How It Evolved

Cookies enabled the modern web. Session management (stay logged in), personalization (shopping carts, language preferences), and tracking (advertising networks) all depend on cookies.

By the late 1990s, third-party cookies enabled cross-site tracking — advertisers could follow you across the web. This sparked decades of privacy debates. By the 2020s, browsers began blocking third-party cookies by default, and the industry started transitioning to alternatives.

The name “cookie” — warm, friendly, baked — masks the complexity and controversy of what those bytes do. It’s one of computing’s most effective naming choices: nobody fears a cookie.

Did You Know?

The Unix magic cookie got its name from the X Window System’s authentication scheme. An X server would generate a random token (the magic cookie) and store it in a file. When a client wanted to connect, it had to present the magic cookie — like a password, but disguised as dessert.

FAQ

Related Etymologies

Why Is It Called 'Cache'? Why Is It Called 'Firewall'?