JISE




Journal of Information Science and Engineering, Vol. 22 No. 3, pp. 559-571


A New Design for a Practical Secure Cookies System


Jong-Phil Yang and Kyung Hyune Rhee+ 
Department of Computer Science 
+Division of Electronic, Computer and Telecommunication Engineering 
Pukyong National University 
Nam-gu, Busan, Korea


Because HTTP is stateless, cookies were invented to maintain continuity and state on the Web. Cookies that carry user-related information are transmitted and stored, so an attacker can easily copy and modify them for his own purposes. Cookies are therefore exposed to serious security threats such as network threats, end-system threats, and cookie-harvesting threats. In this paper, we present a secure cookie system that addresses these security weaknesses of typical web cookies. Since our system is based on the Public Key Infrastructure (PKI), it provides mutual authentication between clients and servers, and ensures the confidentiality and integrity of user information. We have implemented our secure cookie system and compare it here to the Secure Sockets Layer (SSL) protocol, which is widely used to provide security in the HTTP environment.


Keywords: secure web service, security, authentication, cookies, public key infrastructure
