Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
740028794yAds in newspapers, TV ads and billboards all work fine without cookies, don't they?
devTea252114yTargeted advertisements should work better than general ads
Thanks for the feedback. I think I let my little project cookie free and don't use adds.
fully cookie-free website.. hmm...
wow someone on the internet is actually giving a fuck?
Okay, it's quite simple. Its all in PHP.
First user has no cookies, he goes into your website.
Second he gets prompt "cookie or cookieless*
*cookieless may introduce some security risks"
Third, I get his request with decision (if not, i dont allow go anywhere else) and if its ok for cookies I use your typical $_SESSION, but if it's not, I had special model, where I could open session on database - create record containing id, remote ip, sid, value (value was serialized pseudo-session array)
I modified my mklink() function that I use to create urls from scratch to check in the model if we are using no cookie approach and if so, I attach to urls that match base domain with current one ?sess=<24 chars of entropy>
So anywhere I create links they have GET identifing param.
@irene Also took more steps that if someone copy-pasted url with session key somewhere. I check IP.
I know, I could check plethoria of different things too, but it wasn't production ready, it was my personal bet with firend that you can have fully functional session, with login etc, with ability to completly reload webpage without usage of any local storage.
(not nuff characters per post ;( )
In this project I don't need user accounts.
When I need user accounts I use the web storage to save the web token.
I send it only on the header of the request.
Works pretty well.
Huh - of course.
But ads from the big players come with cookies just because they are personalized (a good thing).
Nobody likes tv-ads. But some development-related ad in between all the instagram posts i'm scrolling through is nice.
daviddh2004yYes it's possible but not personally. I show ads in my application for other apps that I like. And I don't track the user with cookies. I only show a random ad from my database and maybe lots of users don't click on it but it's an ad without tracking
@irene it's possible as long as you stay on webpage.
And with refreshes. I described exacly how it's possible to do. It's wacky. But it works perfectly fine at the end of the day.
Either me not understand you or you not understand me.
Some people hate the fact that there will be webpage leftovers on their machine after you close the tab.
Nobody minds his/her RAM usage when it contains HTML code.
Every refresh with cookie you send your ID using http header.
Every refresh without cookie you send your ID using GET request that is saved in your RAM in your <a href=""> tag (so no persistance whatsoever here)
You can perfectly fine send your ID either way and it's perfectly accessible for server either way during request.
Not only that's the point. It's often considered as side-effect.
Refusing cookies also means that your PC is left without a trace except history log.
Refusing cookies also means that your browser will write few bytes less on disk (and some people have issue with that which causes me heavy lolz)
Now, get avarage Joe, and tell him he can do sth without cookies. And he can still log in. He will not see any issue with it. He will even google how to check cookies to make sure youre not kidding him. and sure enough, it will work.
Still, as I mentioned in first comment. It was PoC site that i wrote only becouse of bet I took with my friend.
EDIT: actually 3rd comment
becouse solution I have works around cookies issues.
It kindda works.
But GPDR took care of that by beeing too broad xD
here, take this quote:
"This may leave traces which, in particular when combined with unique identifiers"
it MAY leave trace, not MUST.
So as long as you identify user in any way, including pulling it from your ass, you fall into GPDR.
They made it so broad that even if you use for what the fuck reason IP address for this, you fall into it.
It was theoretical question, I anwsered how to do it. Drop your mindset of doing it for GPDR. Do it for fun ;)