What cookies are and how they are used in Patally.
HTTP is essentially a "stateless" protocol. What this means is that every time you make a (page) request from your browser to a Website,
the Website's "server" (tasked with sending your browser an appropriate "response") knows nothing about your previous request (even to the same Website).
This poses a usability problem. For example, you go to a Website and "log in" (providing your username and
password). The server validates your login credentials and sends a response to your browser that (visually) includes
a set of buttons to click - let us say one of which says "Get Appointments". Assuming that now you click
on "Get Appointments", this "request" will be sent to the Website's server. Because the server does not know about
any of your previous interactions (requests), it does not know that you have already "logged in" - which means it
does not know "who" is making the request for appointments - and hence it does not know whose appointments to fetch.
Many Websites use "cookies" to solve the aforementioned problem.
An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.
(Note that this data is typically not visible to the user on the Web page itself.) The browser may store the "cookie" (data) and
send it back with the next request to the same server.
In our example above, after the server validates your login credentials, it sends not only the (visual) response but also
a cookie (invisible response) to the browser. This cookie is typically some data that the server correlates to your identity.
So, this time when you click on "Get Appointments" your browser also sends the cookie to the server - which now can identify you,
thanks to the cookie. The server can now send the appropriate appointments to your browser as its response.
While this is the gist of how cookies work in general, the server and browser employ sophisticated security mechanisms to prevent misuse of these cookies.
When cookies are used in circumstances explained above, they are termed "Authentication cookies".
In general, Authentication cookies are valid for a "session" - meaning they are usually deleted by your browser
when you either "log out" of an authenticated Service or when you close the Browser. However, in cases where you choose features like a "Remember me" option on a Website, these cookies can be stored by your
browser even after you close it (without logging out). These cookies are called Persistent cookies. Note that in most cases,
your cookies will be deleted if you explicitly "log out" from an authenticated service.
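
The login flow and the session/persistent distinction described above, as an added example that is not Patally's own code. The cookie name `Example_Identity`, the 14-day "Remember me" lifetime and the in-memory `SESSIONS` store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "Example_Identity"   # hypothetical name, not a real Patally value
REMEMBER_ME_SECONDS = 14 * 24 * 3600  # assumed "Remember me" lifetime
SESSIONS = {}  # server-side state: session id -> username


def login(username, remember_me=False):
    """Create a session and return the Set-Cookie header value for it."""
    session_id = secrets.token_urlsafe(32)  # unguessable random identifier
    SESSIONS[session_id] = username
    jar = SimpleCookie()
    jar[COOKIE_NAME] = session_id
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["secure"] = True      # only sent over HTTPS
    morsel["httponly"] = True    # not readable by page scripts
    morsel["samesite"] = "Lax"   # withheld on most cross-site requests
    if remember_me:
        # A lifetime makes the cookie persistent; without one it is a
        # session cookie that the browser drops when it closes.
        morsel["max-age"] = REMEMBER_ME_SECONDS
    return morsel.OutputString()


def _session_id(cookie_header):
    """Extract the session id from a request's Cookie header, if present."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def identify(cookie_header):
    """Return the logged-in username for this request, or None."""
    return SESSIONS.get(_session_id(cookie_header))


def logout(cookie_header):
    """Forget the session server-side so the cookie stops working."""
    SESSIONS.pop(_session_id(cookie_header), None)
```

The cookie carries only a random identifier; the identity lives on the server, so a made-up cookie value maps to no one and a logged-out identifier stops working even if the browser still holds it.
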
Tracking Cookies are a specific type of cookie that is distributed, shared, and read across two or more unrelated Web sites.
These are typically used by online advertising companies to "track" pages visited by you and display ads "relevant" to you when you visit
unrelated Websites. No tracking cookies are used by the Patally Website (patally.co.uk) or the Patally Service (app.patally.co.uk).
Cookies used on the Patally Website (patally.co.uk): None
Cookies used on the Patally Service (app.patally.co.uk):
Cookie Name | Explanation |
---|---|
Patally_Identity | Authentication cookie (generated by the server after you log in): used to keep you "logged in". Deleted if you log out. If you use the "Remember me" option, this cookie is retained by your browser for the duration specified by the server. |
Patally_SecureForms | This is technically an anti-forgery cookie, a security mechanism that protects you from other malicious sites "posting" data on your behalf to the Patally service. |
Updated: 16 August 2019