theproductguy
February 11, 20193 min

Cookie for designers

Most of the user journey nowadays start with a cookie/privacy policy on a website. So it is very important for designers to be aware of…

Cookie for designers

Most of the user journey nowadays start with a cookie/privacy policy on a website. So it is very important for designers to be aware of cookies. In this post, we will be seeing what a cookie is and different types of cookies and some common patterns used to get cookie/privacy consent from users.

https://dribbble.com/shots/5961670-Cookie-Consent

Cookie

A web cookie also called as HTTP cookie or browser cookie is a small piece of data that is exchanged between the server and the browser. Cookies are mainly used for three purposes Session management, Personalization and
Tracking.

Different Types of Cookies

Session cookie

A session cookie for a website only exists whilst the user is reading or navigating the website. When the user closes their web browser these cookies are usually removed.

Persistent cookie

A persistent cookie for a website exists on a users computer until a future date. For example, the cookie expiry date could be set as 1 year, and each time a website is accessed over this period the website could access the cookie.

HttpOnly cookie

A HttpOnly cookie can only be used via HTTP or HTTPS, and therefore cannot be accessed by javascript. This reduces the threat of session cookie theft via cross-site scripting (XSS).

Secure cookie

A secure cookie can only be used via HTTPS. This ensures the cookie data is encrypted, reducing the exposure to cookie theft via eavesdropping.

Third-party cookie

First-party cookies are cookies set with the same domain (or its subdomain) as your browser’s address bar. 
Third-party cookies are cookies set with domains different from the one shown on the address bar.

Note: Privacy setting options in most modern browsers allow you to block third-party tracking cookies.

Cookie Policy

Cookies Policy are designed to help users understand what cookies are used on a website or app.

At minimum, the Cookies Policy should explain,

  • The types of cookies used on the website or app.
  • For what the cookies are used.
  • And how users can manage their cookies on the site or app.

Cookies are primarily categorized for users as Necessary, Performance, Functional, Marketing, Social, Analytics, Statics etc.

If a website is complying with EU Cookies Directive they have to notify the site’s visitors that they are using cookies and must obtain their consent for cookie usage. The EU Cookies Directive also requires websites to post a fully separate Cookies Policy. However if your not complying with EU Cookie Directive you can include the Cookies clause in the Privacy Policy agreements or in the Information We Collect section.

There are a number of ways we can get cookies consent on the website. We can use a simple banner notification either on the header or footer. Alternatively, a pop-up notice can also be used.

Few patterns currently followed to design Cookie consent policy are,

Cookie Pro

Originally published on Medium