Submitted by Syd Nicholson on Wed, 04/18/2012 - 00:00
Forums
IceBreak

Hi Niels,

I have a question regarding the new cookie laws that are due to be implemented, see http://www.bbc.co.uk/news/technology-17745938.

How does IceBreak fit into this? If my website (driven by IceBreak) is using cookies, then presumably I need to take some action. I certainly don't purposfully create cookies, nor do I have any advertising on the site. Does IceBreak use cookies to track the session and how would I know?

Regards,

Syd

Niels Liisberg

Wed, 04/18/2012 - 00:00

Permalink

Hi Syd;

There are two types of cookies: Session cookies and "Site" cookies. Now let me explain the difference:

Session cookies are normally created by the server and with no relation to what domain it is associated to.

"Site" -cookies, however, has both an expiration date/time or time to live AND a relation to what domain it was created.

The article you are referring to is about "Site" cookies. These coockies a "visible" from all applications on a site – also for a 3th party product like Google site Tracker.

Session cookies, on the other hand, are only visible by the connection that created it and therefor unreachable for 3th party products and therefore not vulnerable. And even it you configure "No thanx to Cookies" in you browser, you will still be able to create Session cookies. 

IceBreak is keeping track of session with either "Session cookies" or with a mechanism called "url redirection", where icebreak are redirecting your session to a virtual path containing the session ID if the browser has no cookie support what so ever…

Best regards,

Niels Liisberg