Searching...
Friday 26 July 2013

Why The Need For Third Party Cookies In Blogger Blogs?

Not all bloggers understand the authentication and cookie issues which are involved, as we update and view our Blogger blogs. Occasionally we see perplexed queries
I wish blogger didn't insist on the requirement of third-party cookies in order to comment.
or
Why do I have to login each time I access my account?


Many bloggers aren't aware of the different domains used by Blogger / Google. Two of the key domains, in this case, are "Blogger.com" (where we login, and where we maintain our blogs), and "BlogSpot.com" (where many of our blogs are published). And with a blog published to a custom domain (not to BlogSpot), we have yet more possibilities. Each different domaincontains different code, and should be trusted differently.

If you (or your reader) are reading a blog hosted in "BlogSpot.com" (or wherever), and a cookie created in "Blogger.com" is needed, the browser will be able to provide the necessary access only if "third party cookies" are enabled, in all filters. Note that security filters, which include cookie filtering functions, may be present in various locations on the computer, and the network.

Blogger doesn't use "third party cookies" for fun, or for gratuitous security, they use them because they have cookies created in "Blogger.com" (when we login to Blogger), and used in "BlogSpot.com" (or wherever your blog is published - here, for instance, "nitecruzr.net") when we

  • Post comments in the embedded comment form.
  • Attempt to access private blogs.
  • Select Blogger Stats to ignore our own activity.

By themselves, the popup and separate page comment forms, which use code from "Blogger.com", will not require third party cookies. However, CAPTCHA ("word verification") based screening, which runs code from your blog - whatever domain your blog is published in - will require access to third party cookies. Note the advice on the Settings - Comments - "Show word verification for comments?"

Blog authors will not see word verification for comments.

If word verification is enabled, the comment script must check the authentication cookie, to determine if the commenter is a blog author. Whether inline, popup, or separate page, your comment form, using CAPTCHA based screening, will also require access to third party cookies.

The unfortunate thing about the "third party cookie" issue is that there's no granularity here. If you enable "third party cookies" so a BlogSpot web page can access a Blogger cookie, then any other web page domain can access cookies created in other domains. You enable one "third party cookie" access, you enable all of them.

This is yet another reason why you have to surf only to trustable web sites. If you don't trust a given web page to behave, and to only access what cookies it should, why are you there in the first place? Know how reliable are the websites that you surf.

0 comments:

Post a Comment

 
Back to top!