Kid_Learning_C

Reputation: 3631

Regarding third-party cookies, who is a "second party"?

I am new to web dev. I don't think web dev is difficult. As long as you find a good explanation, things are crystal clear.

Unfortunately, most tutorials you come across are not doing a good job.

First-party cookies are very easy to understand.

I am having trouble understanding third-party cookies.

Why is it called third-party?

Who is the second party, which is being skipped here?

Upvotes: 0

Views: 522

Answers (1)

IMSoP

Reputation: 97898

There is indeed a "second party", but it's impossible for them to set any cookies.

In a web request, there are two main parties:

  • The HTTP server, operating the website, which makes a response
  • The HTTP client, usually your web browser, which makes a request

In the terminology of a transaction, the server is closest to a "seller", so is termed the "first party"; the client is closest to a "customer", so is the "second party".

A "third party" is anyone other than these two main parties; in terms of web requests, these are actually other HTTP servers which are indirectly involved in serving the page.

So:

  • A "first-party cookie" is one set by the server you contacted directly
  • A "second-party cookie" would be one set by your own browser; but there's no such thing, so the term is never used
  • A "third-party cookie" is one set by some other server, which served an image, script, etc. on the page

The important thing to remember here is that these terms are relative to a particular transaction: all cookies are scoped to the server which set them, and a server can never set or read a cookie for a different domain. The distinction is about what gave them the opportunity to set or read the cookie: did you directly request a page from that server, or did a page you requested "incidentally" include some images, scripts, etc. from somewhere else?

For instance, stackoverflow.com supports loading avatar images directly from facebook.com; those image requests can set and read cookies for facebook.com, and when I load stackoverflow.com those are "third-party cookies" - the first party is stackoverflow.com, the second party is me, so facebook.com is a third party. If I load facebook.com directly, those same cookies will be first-party cookies. At no point can the server at facebook.com set or read cookies for stackoverflow.com, or any other domain; it only ever sets and reads its own set of cookies.

Upvotes: 3
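The stackoverflow.com / facebook.com scenario from the answer above, modelled as a small cookie jar (an added example, not part of the original answer). The `Browser` class, the cookie names and values, and the avatar path are hypothetical; it shows that the same facebook.com cookie is labelled third-party or first-party depending on the top-level page, and that a cookie aimed at another domain is refused.

```javascript
// Added example: toy cookie jar. Host names follow the answer; cookie
// names, values and the avatar path are constructed. Simplifications:
// exact host comparison stands in for the browser's site comparison, and
// public-suffix checks on the Domain attribute are omitted.

// RFC 6265 domain-match: host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class Browser {
  constructor() { this.jar = []; }
  // Store a cookie from a response served by `host`. A Domain attribute
  // that does not cover the responding host is rejected.
  setCookie(host, name, value, domainAttr) {
    const domain = (domainAttr || host).replace(/^\./, "").toLowerCase();
    if (!domainMatches(host, domain)) return false;
    this.jar = this.jar.filter(c => !(c.domain === domain && c.name === name));
    this.jar.push({ domain, name, value, hostOnly: !domainAttr });
    return true;
  }

  // Cookies attached to a request for `requestUrl` made while `pageUrl` is
  // the top-level page, each labelled relative to that page.
  cookiesFor(pageUrl, requestUrl) {
    const pageHost = new URL(pageUrl).hostname;
    const reqHost = new URL(requestUrl).hostname;
    const party = reqHost === pageHost ? "first" : "third";
    return this.jar
      .filter(c => c.hostOnly ? reqHost === c.domain : domainMatches(reqHost, c.domain))
      .map(c => ({ name: c.name, domain: c.domain, party }));
  }
}

function demo() {
  const b = new Browser();
  b.setCookie("stackoverflow.com", "so_session", "constructed-1");
  b.setCookie("facebook.com", "fb_id", "constructed-2");
  // facebook.com tries to write a cookie for another domain: refused.
  const crossSet = b.setCookie("facebook.com", "x", "y", "stackoverflow.com");
  const so = "https://stackoverflow.com/", fb = "https://facebook.com/";
  return {
    crossSet,
    embedded: b.cookiesFor(so, fb + "avatar.png"), // image embedded in the page
    direct: b.cookiesFor(fb, fb),                  // facebook.com loaded directly
    page: b.cookiesFor(so, so),
  };
}
console.log(JSON.stringify(demo(), null, 2));
```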
