Cookie
A Cookie in Salesforce refers to a small piece of data stored in the user's web browser by Salesforce or by Salesforce-hosted sites (such as Experience Cloud sites or Salesforce Sites).
Definition
A Cookie in Salesforce refers to a small piece of data stored in the user's web browser by Salesforce or by Salesforce-hosted sites (such as Experience Cloud sites or Salesforce Sites). Cookies are used for session management, user authentication, remembering user preferences, and tracking analytics. Salesforce uses both first-party and third-party cookies for functionality and performance monitoring.
In plain English
“A Cookie is a small piece of information that a website (like Salesforce) saves in your browser. It's used to remember things like whether you're logged in, what preferences you've set, and to track analytics. When you come back to the site, the browser sends the cookie back so the site knows it's you.”
Worked example
When a customer logs into Eastvale Software's Experience Cloud customer portal, Salesforce sets a session Cookie in the customer's browser containing the authenticated session ID. On subsequent page requests, the browser sends the Cookie back, and Salesforce recognizes the session - the customer doesn't have to re-authenticate. Other Cookies remember preferences (display language, time zone) and track analytics for traffic monitoring. Salesforce's privacy controls let admins configure first-party vs third-party Cookie behavior; portal builders use Cookies for user-state across pages without database round-trips.
Why Cookie matters
Cookies are small pieces of data stored by a website in the user's web browser. Salesforce uses cookies for several purposes: session management (keeping the user logged in as they navigate between pages), user preferences (remembering settings like language or theme), analytics (tracking page views and feature usage), and security (protecting against cross-site request forgery). These are typically set as first-party cookies by Salesforce's own domains.
Salesforce Experience Cloud sites and Salesforce Sites can also set cookies for their own purposes, like tracking guest users' session state or remembering preferences on a customer-facing portal. Third-party cookies (set by domains other than the one being visited) are becoming increasingly restricted by modern browsers for privacy reasons, which affects certain cross-domain tracking scenarios. Modern web development and integrations should account for these privacy restrictions, using first-party cookies where possible or alternative mechanisms like localStorage or server-side session tracking.
How organizations use Cookie
Built a custom Experience Cloud site that uses first-party cookies to remember guest users' language preference across visits. The cookie persists for 30 days so returning visitors see the site in their preferred language.
Audited cookie usage on their customer-facing portal for GDPR compliance. Every cookie was classified as strictly necessary or optional, and the site now shows a clear consent banner for non-essential cookies.
Discovered that a third-party cookie-based tracker had stopped working in Safari due to privacy restrictions. They switched to a server-side tracking approach that doesn't depend on third-party cookies.
Test your knowledge
Q1. What is a cookie?
Q2. Why are third-party cookies becoming more restricted?
Q3. What's a good practice for sensitive cookies?
Discussion
Loading discussion…