|
|
|
|
|
|
by Knacker_Hughes
5523 days ago
|
|
|
OK - that's great. In practical terms though, all they're storing is a key. The actual data is held elsewhere. In the same way, an entity tag on a cached object is like a key to identify whether the object has been modified on the server since the last time it was sent. How would it be possible to spot that it was being used for tracking a user rather than just part of the normal functioning of the browser? |
|
|
Even so, I think the answer is clear: it depends on whether you store data that permits you to infer privacy-intruding things about the user. If you store a cookie that just encodes preferences and you store no persistent data about the cookie on your side, you should be fine. It's the making a relationship between client local state and your customer profiles that's key.