-2

Hello, I have a question in web development that I can't seem to find an answer to.

So what is the difference between a cookie authentication system, where your credentials are stored in a cookie when you register/log in, and the pop-up box that says the site wants you to accept its cookies? Are these two separate cookies? I am confused.

2 Answers

0

A server can send a Set-Cookie response header to ask the browser to store some data in a cookie.

This is often a token (such as a session ID or a JWT) which marks the user as being logged into the site.

It can also be a tracking token which is used to track your activity across different sites for, for example, marketing purposes.

(Or it can be various other things, but those are the most common).


Some browsers can be configured to prompt the user before a cookie is stored. This can display a built-in prompt to confirm it. (I'm not sure if any support remains in modern browsers; cookies are so common that prompts would be very intrusive. But this is the config for IE6:)

[Image: IE6 privacy settings]


Some countries have regulations which require that the user grant permission before they are tracked. This is often conflated with cookies (and is often called "cookie laws"), but the regulations apply to tracking, not to the technology used to do the tracking.

Sites will therefore often display a notice asking the user to accept the cookies. They very frequently use dark patterns to make it annoying to refuse and easy to accept by accident.

Here is Stackoverflow's example. You can see that you can accept the cookies with one click, or go to a customise page (one click) and then confirm the default choices (a second click), or accidentally click the "accept all cookies" button next to it.

[Image: Stackoverflow cookie permissions] [Image: Stackoverflow customise cookie permissions]

Quentin
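The two kinds of cookie described in the answer above, as an added example (not code from the answer or from any real site): a server issues a login session cookie and a tracking cookie through the same Set-Cookie mechanism, and only the tracking cookie depends on what the user chose in the consent banner. The cookie names `sid`, `consent` and `trk`, the in-memory session store and the lifetimes are assumptions made for the illustration.

```javascript
// Added illustration; the cookie names "sid", "consent" and "trk", the
// lifetimes and the in-memory store are hypothetical.
const crypto = require("node:crypto");

const sessions = new Map(); // server-side store: session ID -> user record

// Build the Set-Cookie header values for one response.
// user: object for a user who just logged in, or null.
// consent: "accepted", "rejected", or null (banner not answered yet).
function buildSetCookieHeaders(user, consent) {
  const headers = [];
  if (user) {
    // Authentication cookie: an opaque random ID, never the password.
    const sid = crypto.randomBytes(32).toString("hex");
    sessions.set(sid, { username: user.username });
    headers.push(`sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`);
  }
  if (consent === "accepted" || consent === "rejected") {
    // Remember the banner answer so it is not shown on every page.
    headers.push(`consent=${consent}; Path=/; Max-Age=15552000; Secure; SameSite=Lax`);
  }
  if (consent === "accepted") {
    // Tracking cookie: set only after the user agreed to be tracked.
    const trk = crypto.randomBytes(16).toString("hex");
    headers.push(`trk=${trk}; Path=/; Max-Age=31536000; Secure; SameSite=None`);
  }
  return headers;
}

// Turn Set-Cookie values into the Cookie header a browser would send back.
function asCookieHeader(setCookies) {
  return setCookies.map((h) => h.split(";")[0]).join("; ");
}

// Resolve the logged-in user from the session cookie alone.
function currentUser(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === "sid") {
      const session = sessions.get(part.slice(eq + 1).trim());
      return session ? session.username : null;
    }
  }
  return null;
}
```

A user who rejects tracking still receives `sid` and stays logged in; the banner answer only controls whether `trk` is issued.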
-1

Credentials are not stored in cookies. Cookie store a session id that is used to retrieve session id.

But cookies can also be used for many other purposes.

But in fact that is the same.

JoelCrypto
  • "Credentials are not stored in cookies" — They *can* be, although it isn't good practice. – Quentin May 29 '22 at 20:06
  • "Cookie store a session id" — They *can* … but frequently don't. – Quentin May 29 '22 at 20:06
  • "But in fact that is the same." — This doesn't make sense. You seem to be saying that "session ids" and "other purposes" are "the same thing" which isn't possible. – Quentin May 29 '22 at 20:07
  • A cookie is a cookie… and PHP sessions rely on a cookie id. – JoelCrypto May 29 '22 at 20:09
  • The question doesn't mention PHP, and PHP doesn't depend on cookies to handle its sessions. You can turn on [transparent sid support](https://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid) and use that instead (although doing so isn't a good idea). – Quentin May 29 '22 at 20:11
  • It is possible but it is rare and hopefully. And most sessions are done with PHP; this is why I answered about PHP. Basically if you block all cookies, all is blocked, sessions and trackers. – JoelCrypto May 29 '22 at 20:14