diff --git a/actix-web/Cargo.toml b/actix-web/Cargo.toml
index aea8856b1..30176fcd6 100644
--- a/actix-web/Cargo.toml
+++ b/actix-web/Cargo.toml
@@ -99,7 +99,7 @@ ahash = "0.8"
 bytes = "1"
 bytestring = "1"
 cfg-if = "1"
-cookie = { version = "0.16", features = ["percent-encode"], optional = true }
+cookie = { version = "0.18", features = ["percent-encode"], optional = true }
 derive_more = "0.99.8"
 encoding_rs = "0.8"
 futures-core = { version = "0.3.17", default-features = false }
diff --git a/actix-web/src/response/builder.rs b/actix-web/src/response/builder.rs
index 023842ee5..50228a7c8 100644
--- a/actix-web/src/response/builder.rs
+++ b/actix-web/src/response/builder.rs
@@ -228,12 +228,12 @@ impl HttpResponseBuilder {
     ///
     /// let res = HttpResponse::Ok()
     ///     .cookie(
-    ///         Cookie::build("name", "value")
+    ///         Cookie::build(("name", "value"))
     ///             .domain("www.rust-lang.org")
     ///             .path("/")
     ///             .secure(true)
     ///             .http_only(true)
-    ///             .finish(),
+    ///             .build(),
     ///     )
     ///     .finish();
     /// ```
@@ -243,10 +243,10 @@ impl HttpResponseBuilder {
     /// use actix_web::{HttpResponse, cookie::Cookie};
     ///
     /// // the name, domain and path match the cookie created in the previous example
-    /// let mut cookie = Cookie::build("name", "value-does-not-matter")
+    /// let mut cookie = Cookie::build(("name", "value-does-not-matter"))
     ///     .domain("www.rust-lang.org")
     ///     .path("/")
-    ///     .finish();
+    ///     .build();
     /// cookie.make_removal();
     ///
     /// let res = HttpResponse::Ok()
diff --git a/actix-web/tests/test_server.rs b/actix-web/tests/test_server.rs
index 8fb80216b..3ab17a7a9 100644
--- a/actix-web/tests/test_server.rs
+++ b/actix-web/tests/test_server.rs
@@ -776,9 +776,9 @@ async fn test_server_cookies() {
         App::new().default_service(web::to(|| async {
             HttpResponse::Ok()
                 .cookie(
-                    Cookie::build("first", "first_value")
+                    Cookie::build(("first", "first_value"))
                         .http_only(true)
-                        .finish(),
+                        .build(),
                 )
                 .cookie(Cookie::new("second", "first_value"))
                 .cookie(Cookie::new("second", "second_value"))
@@ -791,9 +791,9 @@ async fn test_server_cookies() {
     assert!(res.status().is_success());
 
     {
-        let first_cookie = Cookie::build("first", "first_value")
+        let first_cookie = Cookie::build(("first", "first_value"))
             .http_only(true)
-            .finish();
+            .build();
         let second_cookie = Cookie::new("second", "first_value");
 
         let cookies = res.cookies().expect("To have cookies");
diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index da9e78ae8..8b01ab1bc 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -98,7 +98,7 @@ serde_json = "1.0"
 serde_urlencoded = "0.7"
 tokio = { version = "1.24.2", features = ["sync"] }
 
-cookie = { version = "0.16", features = ["percent-encode"], optional = true }
+cookie = { version = "0.18", features = ["percent-encode"], optional = true }
 
 tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true, features = ["dangerous_configuration"] }
diff --git a/awc/src/test.rs b/awc/src/test.rs
index 126583179..75db87322 100644
--- a/awc/src/test.rs
+++ b/awc/src/test.rs
@@ -110,7 +110,7 @@ mod tests {
         let res = TestResponse::default()
             .version(Version::HTTP_2)
             .insert_header((header::DATE, HttpDate::from(SystemTime::now())))
-            .cookie(cookie::Cookie::build("name", "value").finish())
+            .cookie(cookie::Cookie::build(("name", "value")).build())
             .finish();
         assert!(res.headers().contains_key(header::SET_COOKIE));
         assert!(res.headers().contains_key(header::DATE));
diff --git a/awc/src/ws.rs b/awc/src/ws.rs
index c3340206d..c55f09c3c 100644
--- a/awc/src/ws.rs
+++ b/awc/src/ws.rs
@@ -520,7 +520,7 @@ mod tests {
             .protocols(["v1", "v2"])
             .set_header_if_none(header::CONTENT_TYPE, "json")
             .set_header_if_none(header::CONTENT_TYPE, "text")
-            .cookie(Cookie::build("cookie1", "value1").finish());
+            .cookie(Cookie::build(("cookie1", "value1")).build());
         assert_eq!(
             req.origin.as_ref().unwrap().to_str().unwrap(),
             "test-origin"
diff --git a/awc/tests/test_client.rs b/awc/tests/test_client.rs
index 76915630f..adc11173a 100644
--- a/awc/tests/test_client.rs
+++ b/awc/tests/test_client.rs
@@ -679,13 +679,13 @@ async fn body_streaming_implicit() {
 async fn client_cookie_handling() {
     use std::io::{Error as IoError, ErrorKind};
 
-    let cookie1 = Cookie::build("cookie1", "value1").finish();
-    let cookie2 = Cookie::build("cookie2", "value2")
+    let cookie1 = Cookie::build(("cookie1", "value1")).build();
+    let cookie2 = Cookie::build(("cookie2", "value2"))
         .domain("www.example.org")
         .path("/")
         .secure(true)
         .http_only(true)
-        .finish();
+        .build();
     // Q: are all these clones really necessary? A: Yes, possibly
     let cookie1b = cookie1.clone();
     let cookie2b = cookie2.clone();