If you recall, in February 2019, Apple announced WebKit blog,Introduced version 2.1 their Intelligent Tracking Prevention browser mechanism.
This version supports Safari (and soon all WebKit browsers, including iOS and iPadOS browser apps, date of expiry About browser cookies set by JavaScript. Expiration can no longer be set earlier. 7 days later.
In the recent 2022 release (I don’t know the exact date or version number) WebKit changed this mechanism to: JavaScript cookies no longer have expiry caps.
this is No Means that WebKit has rolled back changes from ITP 2.1.Rather, it is that WebKit is converging imposed restrictions All script writable storagewhich includes JavaScript cookies.
X
shimmer newsletter
Subscribe to our Simmer newsletter to receive the latest news and content from Simo Ahava right in your email inbox!
All script writable storage is deleted when the site is not operated
WebKit browsers already have a tracking prevention policy applied. other Scriptable storage. These include:
- Index database
- local storage
- media key
- session storage
- Service worker registration and caching
The policy is site is not receive user interaction (click, tap, or keyboard input) in The 7th of Using your browserall this script-writable storage for the site will be deleted.
7 days Using your browser teeth No Same as 7 calendar days. A user may use a browser every day, in which case they are the same. Users may take breaks of days, weeks, or months between browser usage.
With this recent change, Now includes JavaScript cookies Included in this list of storage mechanisms to be removed.
To avoid this deletion, the user should: Visit website Run meaningful user interaction (click, tap, or type) on the site first party context (So loading the site in an embedded iframe won’t do it by itself). This resets the deletion timer to 0.
Embed your site in an iframe, Storage access API and do It counts as a meaningful interaction with the site and also resets the deletion timer.
The 24-hour expiration cap still applies in some cases
In ITP 2.2, WebKit introduced additional restrictions on first-party cookies.
the domain is Classified as trackable by ITP, When Additional restrictions apply to JavaScript cookies set on the page the user navigates to if the link contains URL query parameters or hash fragments.
In such cases, the JavaScript cookie set on the page contains: Maximum expiration date of One day.
This does not change and puts significant restrictions on the cookies set by companies such as Google and Meta after users click on advertisements or “regular” links when using these platforms.
Overview
After a long period of little activity, WebKit appears to be taking another anti-tracking tactic to stay ahead of its cat-and-mouse game with ad tech.
of Safari Technology Preview 157I have New features in testing This limits the lifetime of cookies set in HTTP response headers to only 7 days, in case the response originates from a server whose IP address subnet does not match the IP address subnet of the requesting site. Yes, one bite.can i check my mastodon post When Blog post by Cory Underwood See the topic for more information.
This limits effective solutions such as server-side Google Tag Manager from creating more durable first-party cookies.
Combined with this recent change that JavaScript cookies are no longer limited to expiry time, we came to an interesting conclusion. JavaScript cookies can be enabled in many cases. longer life than its HTTP counterpart.
The lifetime of HTTP response cookies set from servers behind third-party CNAMEs or third-party IP addresses is limited to just 7 days. JavaScript cookies do not have an expiry limit (but up to 400 days may be introduced).
However, for this to happen, users must visit the site regularly and have meaningful interactions. Using a browser is not enough.
However, I don’t read much about this.The difference of 7 days of browser usage When 7 calendar days It often doesn’t exist. So, for example, I don’t think this change would significantly “improve” the analytical data.
