Cookies are small pieces of data stored in the browser that sites use for session management, user preferences, analytics, and security.

Why are third-party cookies becoming more restricted?

Modern browsers are restricting third-party cookies as a privacy measure, which affects certain cross-domain tracking and identification scenarios.

What's a good practice for sensitive cookies?

Secure and HttpOnly flags protect cookies from interception and JavaScript access, making them safer for sensitive data.

Cookie

Development🟡 Intermediate

Definition

A Cookie in Salesforce refers to a small piece of data stored in the user's web browser by Salesforce or by Salesforce-hosted sites (such as Experience Cloud sites or Salesforce Sites). Cookies are used for session management, user authentication, remembering user preferences, and tracking analytics. Salesforce uses both first-party and third-party cookies for functionality and performance monitoring.

Real-World Example

Consider a scenario where a developer at Quantum Labs is working with Cookie to build a custom solution that extends the platform beyond its standard capabilities. They write clean, bulkified code for Cookie, add comprehensive test coverage, and deploy it through a CI/CD pipeline. The new functionality handles 10,000 records without hitting governor limits.

Why Cookie Matters

Cookies are small pieces of data stored by a website in the user's web browser. Salesforce uses cookies for several purposes: session management (keeping the user logged in as they navigate between pages), user preferences (remembering settings like language or theme), analytics (tracking page views and feature usage), and security (protecting against cross-site request forgery). These are typically set as first-party cookies by Salesforce's own domains.

Salesforce Experience Cloud sites and Salesforce Sites can also set cookies for their own purposes, like tracking guest users' session state or remembering preferences on a customer-facing portal. Third-party cookies (set by domains other than the one being visited) are becoming increasingly restricted by modern browsers for privacy reasons, which affects certain cross-domain tracking scenarios. Modern web development and integrations should account for these privacy restrictions, using first-party cookies where possible or alternative mechanisms like localStorage or server-side session tracking.

How Organizations Use Cookie

•Quantum Labs — Built a custom Experience Cloud site that uses first-party cookies to remember guest users' language preference across visits. The cookie persists for 30 days so returning visitors see the site in their preferred language.
•CodeBridge — Audited cookie usage on their customer-facing portal for GDPR compliance. Every cookie was classified as strictly necessary or optional, and the site now shows a clear consent banner for non-essential cookies.
•TerraForm Tech — Discovered that a third-party cookie-based tracker had stopped working in Safari due to privacy restrictions. They switched to a server-side tracking approach that doesn't depend on third-party cookies.