
iOS 11 Cookie Changes - Seeking technical explanation

Tags:

cookies

ios11

iOS 11 apparently brings significant changes to the way cookies work.

Can someone provide me with a comprehensive, technically detailed description of the exact behaviour changes?

If we're all going to need to make modifications to the way our sites work to support this, this feels like an important question/thread to populate with concise details as a reference for everyone.

The best I can find are articles like this:

https://adexchanger.com/data-driven-thinking/apples-upcoming-safari-changes-will-shake-ad-tech/

asked Aug 31 '17 06:08

Andrew Bullock


1 Answer

The actual feature of concern is Webkit's Intelligent Tracking Prevention.

This is covered in a post on the Webkit blog: https://webkit.org/blog/7675/intelligent-tracking-prevention

I'll attempt to summarise for the benefit of SO:

The intention is that third-party cookies from sites that are determined to perform Cross-site tracking can only be available on your site if the user is an active user of the third party site.

A machine learning algorithm, on device, makes the determination that a site is doing cross-site tracking. The exact conditions that would trigger this determination are not made clear in the blog post.

Example:

Using AdTech Co as an example, and Foo.com as your site.

  • you have AdTech Co tracking code on your site, foo.com, which relies on an adtech.com cookie to identify the user.

  • adtech.com is a third-party cookie, it isn't a subdomain of foo.com, it has already been determined to be a Cross site tracker

  • Whether the user is an active user of AdTech Co is tracked by the browser - have they actually browsed adtech.com as a user?

If the user has actually browsed adtech.com in the past day:

  • Cookies work as normal

If the user has browsed adtech.com between 1-30 days ago:

  • Cookies are partitioned, meaning that adtech.com cookies can be stored and retrieved, but are scoped to foo.com. AdTech Co code running on bar.com would not be able to read these cookies, even though they are owned by adtech.com

If the user hasn't browsed adtech.com in 30 days:

  • The cookies are purged entirely

Here's the image from the blog post showing these rules:

[Image: Third party cookie rules]

answered Nov 08 '22 04:11

Nevett
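
The three states summarised in the answer above, as an added JavaScript model (not part of the original answer and not WebKit code). The class and function names, the exact boundary handling at 1 and 30 days, and the choice to store nothing while purged are assumptions made for illustration.

```javascript
// Simplified model of the rules as summarised in the answer; not WebKit code.
// Domains are assumed to be registrable domains already classified as trackers.
const DAY_MS = 24 * 60 * 60 * 1000;

// Policy for a tracker domain, from the time the user last browsed it directly.
function cookiePolicy(lastVisitMs, nowMs) {
  if (lastVisitMs === undefined) return "purged"; // never visited as first party
  const ageDays = (nowMs - lastVisitMs) / DAY_MS;
  if (ageDays < 1) return "normal";        // "in the past day"
  if (ageDays <= 30) return "partitioned"; // "between 1-30 days ago"
  return "purged";                         // "hasn't browsed ... in 30 days"
}

class ModelCookieJar {
  constructor() {
    this.jars = new Map();      // "tracker|partition" -> Map(name -> value)
    this.lastVisit = new Map(); // tracker -> time of last first-party visit
  }
  recordFirstPartyVisit(tracker, nowMs) { this.lastVisit.set(tracker, nowMs); }

  // Jar key used when `tracker` code runs embedded on `topSite`; null if purged.
  jarKey(tracker, topSite, nowMs) {
    const policy = cookiePolicy(this.lastVisit.get(tracker), nowMs);
    if (policy === "purged") {
      for (const key of [...this.jars.keys()]) {
        if (key.startsWith(tracker + "|")) this.jars.delete(key);
      }
      return null; // assumption: nothing is stored while in the purged state
    }
    // Partitioned cookies are scoped to the embedding site; normal ones are shared.
    return tracker + "|" + (policy === "partitioned" ? topSite : "*");
  }
  set(tracker, topSite, name, value, nowMs) {
    const key = this.jarKey(tracker, topSite, nowMs);
    if (key === null) return false;
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(name, value);
    return true;
  }
  get(tracker, topSite, name, nowMs) {
    const key = this.jarKey(tracker, topSite, nowMs);
    const jar = key === null ? undefined : this.jars.get(key);
    return jar ? jar.get(name) : undefined;
  }
}
```

For a site that embeds such a script, the model shows the practical effect: an identifier set through foo.com during the partitioned window is invisible to the same script on bar.com, and disappears entirely once the 30-day window lapses.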