* Posts by mikeoneill

2 publicly visible posts • joined 24 May 2011

Got a website? Pay attention, Cookie Law will come

mikeoneill

Cookie button

The CookieQ button (http://cookieq.com) removes cookies from visitors' browsers unless they have opted in to cookies at your site. You can give them a default opt-in period which they can override, and they can manage their cookie consent from one page, where they can also withdraw or give their consent to cookies at any time.

LinkedIn cookie vulnerable, claims researcher

mikeoneill

LinkedIn button

LinkedIn sets their login cookie to be persistent, and also does not set the secure flag, so that it will be sent back to them whenever a user visits any page that has a LinkedIn profile or share button on it. This is similar to how the Facebook "like" button works, although LinkedIn seem to rely on getting the URL of the visited page through the Referer: header, while Facebook has it encoded in the query string (also). Normally login cookies expire at the end of a session, or after a short period, as they are only normally needed to maintain state during a logged in session.

This technique lets social network sites build up a record of the sites you visit and associate it with your login profile, so you can be targeted with ads etc.
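The cookie properties discussed in the comment above (persistence and the missing secure flag) can be checked on a site's own `Set-Cookie` response headers. The following is an added example, not part of the original post; the cookie name, sample headers and finding labels are constructed for illustration, and the SameSite check is an addition covering the attribute browsers now use to restrict cookies on embedded third-party requests.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie values (not captured from any real site).
SAMPLE_HEADERS = [
    "session_token=abc123; Domain=.example.com; Path=/; Expires=Thu, 24 May 2012 10:00:00 GMT",
    "session_token=abc123; Path=/; Secure; HttpOnly",
    "session_token=abc123; Path=/; Max-Age=31536000; Secure; HttpOnly; SameSite=Lax",
]

def audit_set_cookie(header, now):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    persistent = False
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            persistent = int(attrs["max-age"]) > 0
        except ValueError:
            pass  # unparseable value: treated as a session cookie
    elif "expires" in attrs:
        try:
            persistent = parsedate_to_datetime(attrs["expires"]) > now
        except (TypeError, ValueError):
            pass  # unparseable date: treated as a session cookie

    findings = []
    if persistent:
        findings.append("persistent")    # survives browser restart
    if "secure" not in attrs:
        findings.append("no-secure")     # also sent over plain HTTP
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        # The header itself does not restrict cross-site sending;
        # some browsers apply a Lax default when the attribute is absent.
        findings.append("no-samesite")
    return name, findings

if __name__ == "__main__":
    reference_time = datetime(2011, 5, 24, tzinfo=timezone.utc)
    for h in SAMPLE_HEADERS:
        print(audit_set_cookie(h, reference_time))
```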