Cookies are not needed. They are shifting the security onto the user. Secure the information on the server just like any other business. Offloading onto the client is wrong. It leads to ambiguity and abuses. Visiting a store and a business on the internet are no different. My presence gives no right to my person, searches, or tracking in the location or outside of it. Intentions are worthless. The only thing that matters is what is possible and practiced. Every loophole is exploited and should be mitigated. The data storage and coding practices must change.
The security is still implemented on the server. When you log in, most sites issue a cookie or otherwise store in the browser an authentication token. Subsequent requests provide that token so the server knows it’s still you. If the cookie is not persisted across tabs or browser sessions, every time you visit the site you must log in again (there are ways to make browsers do this if you really want to). If you didn’t allow even temporary client-side storage while on the page, most of the internet just wouldn’t work.
Cookies are not needed. They are shifting the security onto the user. Secure the information on the server just like any other business. Offloading onto the client is wrong. It leads to ambiguity and abuses. Visiting a store and a business on the internet are no different. My presence gives no right to my person, searches, or tracking in the location or outside of it. Intentions are worthless. The only thing that matters is what is possible and practiced. Every loophole is exploited and should be mitigated. The data storage and coding practices must change.
The security is still implemented on the server. When you log in, most sites issue a cookie or otherwise store in the browser an authentication token. Subsequent requests provide that token so the server knows it’s still you. If the cookie is not persisted across tabs or browser sessions, every time you visit the site you must log in again (there are ways to make browsers do this if you really want to). If you didn’t allow even temporary client-side storage while on the page, most of the internet just wouldn’t work.