DEV Community

Sarah Jones
Sarah Jones

Posted on

Cookies 🍪

Since 2020, Google has been talking about a plan for Chrome to block third-party cookies that can track user activity across many different websites. While Google’s plans for cookie disabling and deprecation have been pushed back a few times, marketers have been forced to think about what their marketing strategy would look like in a cookieless world.

While the deprecation of third-party cookies would impact marketers, it would not primarily impact website developers. This is because website developers that use cookies to store login credentials, use first-party cookies to do so.

First-Party vs. Third-Party Cookies

First-Party Cookies:
First-party cookies are created and used on a single domain. Their most common uses include remembering a user’s language settings, items added to cart, and personal user data like email addresses and passwords. If first-party cookies were blocked, a user would have to sign-in every time they visited a website. They also wouldn’t be able to purchase multiple items while shopping online, because the cart would reset after every item that was added. First-party cookies are typically trusted by users (more so than third-party cookies), because they seek to improve the user experience of a website.

Third-Party Cookies:
Third-party cookies are created on one domain and shared across all third-party domains that use the same tracking code. They are typically used for online-advertising purposes and placed on a website through a script or a tag. When a user receives ads or emails highlighting a product or products that they viewed online but never bought, this means that they have interacted with third-party cookies. Compared to first-party cookies, users sometimes don’t enjoy these interactions with third-party cookies. They may not find that they improve their online shopping experience, and sometimes feel like it’s an invasion of privacy.

First-Party Cookies and Login Credentials Using Flask
As was mentioned previously, first-party cookies can be used for website login authentication. When utilizing Flask as a part of a website’s backend, developers can encrypt and sign a special cookie known as a session using the session module (instead of sending cookies in plain text). The session module is imported from flask, and behaves like a dictionary: session['user_id'] = user.id

By default, Flask manages all session data in a single cookie. It serializes all the key / value pairs that are set with session, converting them from a Python object into a big string. Whenever a key is set with the session module, Python updates the value of its session cookie to this string.

When cookies are set this way, Flask signs them to prevent users from tampering with them. Flask servers have a key, configured in their app (app.secret_key='Example_Key'). When given the same message and same secret key, Flask will produce the same output.

Conclusion
Ultimately, the deprecation of third-party cookies will impact marketers more than it will website developers. However, it is important for developers to understand third-party cookies' uses, because they may be responsible for adding or removing those scripts / tags from a website.

Resources
"Authenticating Users." Canvas - Flatiron School, Accessed 19 June 2023.
"Cookies and Sessions." Canvas - Flatiron School, Accessed 19 June 2023.
Lane, Patrick. "First-Party Cookies vs. Third-Party Cookies (Biggest Differences)." Terakeet, 4 Feb. 2022,
terakeet.com/blog/first-party-cookies-vs-third-party-cookies/. Accessed 19 June 2023.
Lawler, Richard. "Google's turning off third-party cookies for 1 percent of Chrome users early next
year." The Verge, 18 May 2023, www.theverge.com/2023/5/18/23728263/google-chrome-
ad-tracking-third-party-cookies-privacy-sandbox. Accessed 19 June 2023.
"What's the Difference Between First and Third-Party Cookies?" CookiePro, 5 Aug. 2022,
www.cookiepro.com/knowledge/whats-the-difference-between-first-and-third-party-cookies/.
Accessed 19 June 2023.

Top comments (0)