Defending cookies-without cookies, we have nothing (first-party cookies and third-party cookies)

Source: Internet
Author: User
Tags website server



Before starting the text, let's talk a little bit about it. Google Analytics recently launched the API function. developers can integrate the data and functions of Google Analytics into their own applications. For more information, see here.

Theme. When Microsoft hasn't launched IE8, I honestly don't like it. This does not come from my prejudice against Microsoft (this company is really great), but from my loyalty to cookies. However, the emergence of IE8 has cast a thick shadow on our beauty. However, before everything becomes very serious, let's take a look at what cookies mean to us and why we need to defend them.

  • What are cookies and their functions?

Cookie is a small TXT file on the client end when you browse the Web page. This file stores some things related to the website you visited. When you visit this website for the next time, the cookie will remember the status or settings of your last visit, so that the server can send page-related content accordingly. The information contained in the cookie does not have a standard format, and the specifications of each website server may be different, but it generally includes the Domain Name of the accessed website ), the access start time, the visitor's IP address, and other client information. For example, if you set up a Google page to display several search results and other information, even if you do not log on to your Google account, you will be able to save it during your next visit, this is how you put the relevant information into the cookie during the last visit. For online shopping websites, you have recorded some information such as your shopping cart, storage shelf, and your account name. In addition, some websites will write down your Logon account and password through cookies, so that you will log on automatically next time you open your browser.

Of course, if you open the TXT file of the cookie in the system folder, you will not see this information but will only see a mess of characters, because for the sake of security, cookies are generally encrypted and can only be read by the corresponding server. In addition, because cookies are only TXT files, not programs, and are not viruses, they cannot run on their own, and will not affect the operating system and any other computer programs, nor spread through the Internet, therefore, it does not actually constitute a threat to Internet security.

[Copyright belongs to the author sisydney song. You are welcome to repost the copyright, but please inform the author and indicate the source in advance]

For website analysis, cookie is used to helpEmbedded Code ClassWebsite analysis tools record Website access (visit) and visitor (unique visitor) information, and related monitoring is not possible without cookies. The software that uses server logs for website analysis can perform related analysis without the need for cookies. Therefore, cookies are only valid for embedded code tools. Tools that you are familiar with-Google Analytics, omniture, lxbs, and Webtrends-embedded code edition-all require Cookie placement on the computers of website visitors for monitoring.

  • Cookie quantity and Validity Period

The number of cookies is the number of cookies that a website can place on a client. A website does not have to place only one cookie on the client, but multiple different cookies are placed as needed.For website analysis tools, cookies that help monitor visit and help monitor unique visitor cannot be set separately.. For each website (domain), the maximum number of cookies supported by different browsers varies. IE7 and firefox3.0 support 50 cookies for each website, while opera supports 30 cookies. Both 30 and 50 are enough.

Cookie validity period (expiration) is another very important concept and one of the important attributes of cookies. Any Cookie has a validity period. Some cookies are valid for a short period of time. Some cookies expire automatically when the browser is closed, while others are known as "permanent cookies ". In fact, the cookie's validity period is set manually on the server side. It can be set to 1 second, 10 years, or disabled when the browser is closed, based on different situations. A permanent cookie is a cookie with a long validity period, but is not permanent. A temporary cookie is a cookie that becomes invalid when the browser is disabled.

The timeliness of cookies is of great significance for website analysis and monitoring. Visit monitoring depends on the cookie's validity period. For example, Google Analytics sets two validity periods for visit cookies. One is 30 minutes, and the other is when the browser is closed. This means that if the visit cookie is not updated within 30 minutes, this cookie becomes invalid-that is why we say that visit is a page browsing process with an interval of no more than 30 minutes. If the time between two page views exceeds 30 minutes, the visit count is increased by 1. In addition, if you open a website and shut down the browser after reading it for a while, when you open the browser again and re-open the website, even if the two visits did not take more than 30 minutes, it is also calculated as a new visit, because the visit cookie browser is used to disable the validity period setting.

[Copyright belongs to the author sisydney song. You are welcome to repost the copyright, but please inform the author and indicate the source in advance]

Unique Visitor also depends on the cookie's validity period. If the cookie expires on two days, then you will access the same website today and tomorrow. The unique visitor will only be recorded as increasing from 0 to 1. If you come again on the third day, then the unique visitor will increase the count once, for a total of two times. In addition to visit and unique visitor, return visitor, frequency, and other measurements also depend on the cookie's validity period.

  • 1st party cookie and 3rd party cookie

The first-party cookie and third-party cookie are actually a very simple concept, but I searched for some explanations on Baidu. It seems that they are neither clear nor accurate. In fact, the so-called first-party and third-party statements are used to determine the ownership of the cookie, which refers to the domain recorded in the cookie ). For example, if you visit my website, my website sets a cookie on your computer, and the recorded domain name is also, therefore, this cookie is the first party and belongs to your website If the Domain Name of the cookie set on your computer is when you access the website, the cookie is a third-party cookie and belongs to

This concept is very important for website analysis. For example, you may ask if Google Analytics uses a cookie of 1st party or 3rd party. The answer is first-party. First, Google Analytics's cookies on each monitored site are created by our familiar JavaScript monitoring code. (Yes, JavaScript can also create cookies. That's enough to know, (do not dig deep). Second, the domain of the cookie to be created is not, but the domain of the website to be monitored. Therefore, although this cookie is actually created with the help of Google Analytics, it is also used by Google Analytics (Instead, it cannot be directly used by the "monitored website ), it is still the first-party cookie.

Therefore, the first-party cookie does not need to be set up by a website's own server, and other websites can also be set up for it, the first-party Cookie may not be read by a website itself, but may be read by a third party.The only difference between the first and third parties is: whether the domain name in the cookie is the same as the domain name of the website to be accessed, that is, the first party, or the third party.

This is a confusing concept. I hope you can figure it out after reading the above content.

[Copyright belongs to the author sisydney song. You are welcome to repost the copyright, but please inform the author and indicate the source in advance]

  Website analysis and all Internet advertisement monitoring will prefer third-party cookies.. The reason is that third-party cookies can be used to monitor cross-site visitor behavior. For example, DoubleClick uses a third-party cookie. This company will create a cookie with the same (only one) domain as DoubleClick for all pages opened with DoubleClick advertisements, as long as you open these web pages, whether or not they belong to the same website, you can view the advertisement behavior DoubleClick. However, the first-party cookie will not work, because the first-party Cookie must use the domain of the monitored website, so that multiple websites will have multiple different cookies, cross-Site browsing cannot be monitored.

For most browsers, third-party cookies are disabled by default because people tend to think that third-party cookies greatly obtain the privacy of people when discussing privacy issues related to cookies, this leads to the widespread distrust and misunderstanding of third-party cookies. However, in fact, all cookies do not disclose any privacy information about the viewer. They only capture browsing behaviors, and third-party cookies are no exception. If everyone is willing to accept third-party cookies, there will be more analysis and optimization solutions provided by website analysis. However, third-party cookies are generally disabled, so there are not many monitoring tools that use third-party cookies. only tools that monitor online advertisements will insist on using third-party cookies.

  • What else can I monitor without cookies?

Because third-party cookies are not popular, few website analysis tools use them. However, if no cookie exists, the website analysis tool will barely work. But in fact, if there is no cookie, we can still monitor something. This is PV. Because PV monitoring only triggers JavaScript monitoring Code and is irrelevant to cookies. For example, in omniture, if a client disables a cookie, omniture still records the PV contributed by the client, but cannot record visit at all, this will make the PV/visit monitored by this tool slightly larger than the actual value. When there is no cookie, omniture will return and use the visitor Client IP address to identify different visitors (unique visitor ), in this way, the unique visitor can still be monitored after the cookie is disabled. However, as visit cannot be monitored, the unique visitor may be larger than visit in omniture.

  Without cookies, data is basically lost for other measurements except PV, so I will think that we have nothing to do without cookies.Or the location of visitor and visitor can also be obtained through the IP address. However, this data is very inaccurate because we need cookies.

So, how many clients will disable cookies? I don't have a precise number, but I think there should be about 80% of users using the first cookie, and only about 20% will disable it. Third-party cookies are disabled by default. Therefore, at most 20% of users use them.

[Copyright belongs to the author sisydney song. You are welcome to repost the copyright, but please inform the author and indicate the source in advance]

With the emergence of IE8, it will certainly further reduce the cookie usage, which will further reduce the number of samples of website analysis data. MeNot ConsideredThis reduces the accuracy of website analysis tools when describing qualitative issues (qualitative issues such as bounce rate, such as time on site, and the ratio of returning visitor to new visitor ), however, an error may occur when describing a quantitative problem, or, more specifically, it may be too small. If more than 50% of users are disabled as cookies are disabled, the original methodology of website analysis will be troublesome. However, I certainly do not believe that the cookie disabling ratio will rise sharply, I am very optimistic-Cookie brings much convenience to people, much greater than the privacy issues raised in some shortcomings. Disabling cookies is more of a psychological comfort (in fact, most of the time it is only a psychological feeling, and there is no practical help for security and privacy ), however, the inconvenience may directly affect your browsing experience.

Therefore, whether it is for our professional, for better user experience, or for the website itself to create more convenient applications, we all have enough reasons to support cookies, oppose Microsoft's Internet Explorer 8 porn browsing model, and defend what we should defend-This represents wisdom and progress. The open letter Eric Peterson wrote to President Obama is worth looking at, representing the strongest voices of all our website analysis practitioners. [Full text]

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.