Comments
-
Thanks for the feedback. I think I let my little project cookie-free and don't use ads.
-
fully cookie-free website.. hmm...
wow someone on the internet is actually giving a fuck?
One day I made a proof-of-concept site that asked the user if he wants to use cookies or not, and if he pressed no, my URL creator method would do something similar to PHP SID links.
EDIT:
If you ever want to reproduce it, remember to use JavaScript to kill off the SID when the page is loading from the URL so no one will copy a link with an essentially logged-in session. It's generally a very insecure practice, but it's cookieless... something for something. And also, as a last resort, when saving session info, also save the IP address of the remote host and don't allow others for that session. -
Okay, it's quite simple. It's all in PHP.
First, the user has no cookies; he goes to your website.
Second, he gets the prompt "cookie or cookieless*
*cookieless may introduce some security risks"
Third, I get his request with the decision (if not, I don't allow him to go anywhere else), and if it's OK for cookies I use your typical $_SESSION[], but if it's not, I had a special model where I could open a session in the database - create a record containing id, remote IP, sid, value (value was a serialized pseudo-session array).
I modified my mklink() function that I use to create URLs from scratch to check in the model if we are using the no-cookie approach, and if so, I attach ?sess=<24 chars of entropy> to URLs that match the base domain with the current one.
So anywhere I create links, they have the identifying GET param.
Next, the user uses the website normally; when loading a new page, he sees your crappy URL with the key for a brief second, but you can fix it in JavaScript as soon as the <head> of the page loads. -
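The flow described in the comment above, sketched in JavaScript as an added example. It is not the poster's PHP code. Only the names `mklink` and `sess` come from the thread; the in-memory store, the hex encoding of the ID and the `example.test` origin are assumptions.

```javascript
// Added example: URL-borne session ID, bound to the client IP.
// Not the poster's code; everything except mklink/sess is hypothetical.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const BASE = "https://example.test";   // constructed base origin
const sessions = new Map();            // stands in for the DB table: sid -> {ip, value}

// Create the record {sid, remote ip, value}. The ID is 24 hex chars
// (96 bits) drawn from a CSPRNG; the hex encoding is an assumption.
function openSession(remoteIp) {
  const bytes = rng.getRandomValues(new Uint8Array(12));
  const sid = Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
  sessions.set(sid, { ip: remoteIp, value: {} });
  return sid;
}

// Append ?sess= only to links on our own origin, so the ID is never
// placed in a link that points at a third-party site.
function mklink(href, sid) {
  const url = new URL(href, BASE);
  if (sid && url.origin === new URL(BASE).origin) {
    url.searchParams.set("sess", sid);
  }
  return url.toString();
}

// Resolve the session from the request URL. A copied link that is
// used from a different address gets no session.
function resolveSession(requestUrl, remoteIp) {
  const sid = new URL(requestUrl, BASE).searchParams.get("sess");
  const rec = sid ? sessions.get(sid) : undefined;
  return rec && rec.ip === remoteIp ? rec : null;
}

// Client side: the address-bar URL with the ID removed, to hand to
// history.replaceState(null, "", ...) as early as possible in <head>.
function scrubbedUrl(href) {
  const url = new URL(href);
  url.searchParams.delete("sess");
  return url.pathname + url.search + url.hash;
}
```

The IP check cannot tell apart two clients behind the same NAT address, and the ID still appears in server access logs and browser history before the scrub runs.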
@irene I also took more steps in case someone copy-pasted the URL with the session key somewhere. I check the IP.
I know, I could check a plethora of different things too, but it wasn't production ready; it was my personal bet with a friend that you can have a fully functional session, with login etc., with the ability to completely reload the webpage without usage of any local storage.
(not nuff characters per post ;( ) -
C0D4667536y @DubbaThony you could use HTML5 local storage so you're not sending a key over the URL, but it would still result in a nasty workaround overall just to avoid a session cookie.
-
In this project I don't need user accounts.
When I need user accounts I use the web storage to save the web token.
I send it only on the header of the request.
Works pretty well. -
@irene I think the difference is that the local storage can't be read from the server directly.
-
@irene I use only Angular. So it is quite easy to write and read the local storage and personalize the app.
localStorage.setItem("key", "value");
localStorage.getItem("key");
Of course it's vanilla JS at the end. -
C0D4667536y @irene technically, yes, it serves a similar purpose; however, ad servers would be unable to use it traditionally as localStorage is bound to the current domain.
-
Huh - of course.
But ads from the big players come with cookies just because they are personalized (a good thing).
Nobody likes TV ads. But some development-related ad in between all the Instagram posts I'm scrolling through is nice. -
daviddh1916y Yes it's possible but not personally. I show ads in my application for other apps that I like. And I don't track the user with cookies. I only show a random ad from my database and maybe lots of users don't click on it, but it's an ad without tracking.
-
@irene it's possible as long as you stay on the webpage.
And with refreshes. I described exactly how it's possible to do. It's wacky. But it works perfectly fine at the end of the day.
EDIT:
In other words, what I did was a session without a session. I could still recognize the user, and thus customize the experience (I actually allowed logging in as a proof of concept), but as soon as you leave the webpage and enter it again, you are logged off again, and need to refuse cookies again. But as long as you don't lose your ID that is passed by GET, it's fine :) -
@irene
Exactly, you use a session ID that is stored in the HTML itself, not in cookies. So you get all the goodies (if you don't use an external source of goodies, because I'm almost 99.999% sure it won't accept your way of doing it) -
@irene
Storage is in RAM. It's directly in the HTML file you receive.
Which is perfectly fine.
EDIT:
The whole affair is about not persisting the data on the client's machine. The only thing my solution persists is his browser history ;) -
@irene
Either I don't understand you or you don't understand me.
Some people hate the fact that there will be webpage leftovers on their machine after they close the tab.
Nobody minds his/her RAM usage when it contains HTML code.
On every refresh with a cookie, you send your ID using an HTTP header.
On every refresh without a cookie, you send your ID using a GET request; it is saved in your RAM in your <a href=""> tag (so no persistence whatsoever here).
You can perfectly well send your ID either way, and it's perfectly accessible to the server either way during the request. -
@irene
Not only that's the point. It's often considered a side effect.
Refusing cookies also means that your PC is left without a trace except the history log.
Refusing cookies also means that your browser will write a few bytes less to disk (and some people have an issue with that, which causes me heavy lolz).
Now, get an average Joe, and tell him he can do something without cookies. And he can still log in. He will not see any issue with it. He will even google how to check cookies to make sure you're not kidding him. And sure enough, it will work.
Still, as I mentioned in the first comment, it was a PoC site that I wrote only because of a bet I took with my friend.
EDIT: actually 3rd comment -
@irene
Because the solution I have works around cookie issues.
It's dirty.
It kinda works.
But GDPR took care of that by being too broad xD
Here, take this quote:
"This may leave traces which, in particular when combined with unique identifiers"
It MAY leave a trace, not MUST.
So as long as you identify the user in any way, including pulling it from your ass, you fall under GDPR.
They made it so broad that even if you use, for what the fuck reason, the IP address for this, you fall under it.
But you don't have to do a cookie policy if you look for any practical usage.
It was a theoretical question; I answered how to do it. Drop your mindset of doing it for GDPR. Do it for fun ;)
Ads without cookies?
🤔 🤔 🤔 🤔 🤔 Possible?
question
ads
possible?
no cookies