How does a website remember not to store cookies?

Posted on

Problem :

A popup on a website showed up, and asked me if I allowed the website to store preferences in cookies. By accident, I said “no”. Refreshing/restarting does not bring the popup back.

Is there a default way to get these kind of popups back, without clearing history/cookies?

Also, how can a website remember if it is allowed to store cookies? By storing it in a cookie?

Solution :

They asked you if you’d like to store preferences in cookies, not whether you’d like them to set cookies in general. So if I were writing support for this feature, I’d set a separate cookie (e.g., nopref) and check whether user has this cookie. There is a good chance you’ll find such a cookie for that site, which you can clear without clearing other cookies or history.

Inspecting cookies set for a particular page

In Firefox, you can list cookies for a particular page by right-clicking a blank part of the page, then selecting View page info option. You’ll find a “View Cookies” button in the “Security” tab. In Chrome, you have the same “View page info” option, which opens a dialog that hangs from the address bar. Link near the top will take you to a listing of cookies. I assume similar features can be found in other browsers.

Discovering if site sets a cookie

Here’s one way you can discover what the site is doing. Open the site in Incognito mode. Open developer tools and switch to Network tab. Then check out what activity is happening in the background as you decline to have the site track you with cookies. Specifically, look for response headers and see if there are any ‘Set-Cookie’ headers in there. Then try deleting cookies mentioned in the header and see if that makes any difference.

About localStorage

Since another poster has mentioned localStorage (in-browser database), I’ll comment on that as well. I think it’ll be very rare that the site uses localStorage for this purpose as localStorage data isn’t accessible to the server unless there is JavaScript code that sends the data back to server. If you wish to check the contents of the localStorage, the fastest way is to open the developer tools in your browser, go to (JavaScript) Console tab, and type localStorage. This should give you an output that looks something like:

Storage { someKey: "value", length: 1 }

The someKey identifies the value set by JavaScript on the page you are on. If you believe someKey does something relevant, you can try removing it by running the following:

localstorage.removeItem('someKey');

This removes the data under someKey key from the localStorage, and reloading the page may restore it to ‘factory settings’. If you’re not sure if the particular key is set by the cookie notification functionality, you may open the page in incognito mode, and list the contents of localStorage before and after interacting with the page.

Again, I doubt too many sites use localStorage for this purpose.

Because this sounds an awefull lot like dutch sites and your name seems dutch, I’m going to expand a little:

In the EU it is required you give some heads up to the user that you are using cookies. All it takes is a small message, a section in the disclamer, or a one-time pop-up (those are rare). Sometimes there is an opt-out possibility

The Netherlands like to be the best behaved boy in class, so we upped it a nudge:
All non-essentional cookies are forbidden, unless the user opts in (oppesite of the EU regulation).

This creates a problem, what is essential? Well, that’s pretty much covered, concluding that even every site that uses google analytics places a non-essential cookie.

They fix this with a user-unfriendly (but so far the ‘best’ solution) cookie-choice wall.
Before you have any access to the site, you have to click [ok] or [nope]. This has to be done before the pageload, because e.g. Google Analytics.

There are multiple solutions to remembering this. One is saving the IP in a database, or the local storage of the browser (like a clientside database), but the most simple solution is to save this in…. a cookie.
This is allowed, because this is an essential cookie.

Resetting those settings
Because they’ll likely go for a local storage solution (the client’s DB, or a cookie), you can go to your history (ctrl+H) and rightclick the website, then select [forget]. This will remove everything related to this site, including it’s cookies and storages.

Regarding the ‘this law is dead in UK’ comment
In the Netherlands this isn’t really getting implemented anymore. The indication (the EU-version) is still getting shown, but the opt-in hardly exists, apart from the mayor sites.

Leave a Reply

Your email address will not be published.