jnepp

Q: Clarification on different Safari privacy settings

Recently I was reviewing the different privacy settings in Safari and between web searches and the help file I wasn't able to find the difference between these two settings.

 

Allow from current website only

and

Allow from websites I visit

 

I tried both settings out and visited the same websites and it appears to track/add the same cookies.

 

I was hoping someone could shed some light on the differences between these two options.

 

Thanks

Posted on Oct 18, 2014 9:37 PM

Close

Q: Clarification on different Safari privacy settings

  • All replies
  • Helpful answers

  • by Jason L,

    Jason L Jason L Oct 21, 2014 2:40 PM in response to jnepp
    Community Specialists
    Oct 21, 2014 2:40 PM in response to jnepp

    Hey there jnepp,

     

    Welcome to Apple Support Communities.

     

    I see that you’ve already searched Help, but I’d like to share this section of Safari Help in case you haven’t already seen it. The information on the webpage below should clarify the differences between those privacy settings in Safari.

     

    Manage cookies and website data

    • Allow from current website only: Safari accepts cookies and website data only from the website you’re currently visiting. Websites often have embedded content from other sources. Safari does not allow these third parties to store or access cookies or other data.

     

    • Allow from websites I visit: Safari accepts cookies and website data only from websites you visit. Safari uses your existing cookies to determine whether you have visited a website before. Selecting this option helps prevent websites that have embedded content in other websites you browse from storing cookies and data on your Mac.

     

    Cheers,

    -Jason

  • by jnepp,

    jnepp jnepp Oct 21, 2014 7:17 PM in response to Jason L
    Level 1 (1 points)
    Oct 21, 2014 7:17 PM in response to Jason L

    Thanks for the reply, and yes I have seen this section. 

     

    I have tested both of these options and do not see where the websites handle the cookies differently.  I went went to the exact same websites and noticed the cookies were the exact same.  I did this by the deleting the cookies, closing the browser and visiting the same sites.

     

    Maybe the better question to ask, is which of the options is more restricted and in a sense more secure?  Based on the informations I would guess the 1st bullet point, but through testing and research I am unable to come to a conclusion.

  • by arun3062,

    arun3062 arun3062 Apr 5, 2016 9:43 PM in response to jnepp
    Level 1 (4 points)
    Apr 5, 2016 9:43 PM in response to jnepp

    This scenario happened to me

     

    I was serving my website in Server X which made Safari to store cookies (encrypted). Now I migrated to Server Y (no change in domain name) and using a different key to decrypt cookies. If the decrypted result is not expected, then I reset the cookie and send the correct cookie in encrypted format.

     

    When the safari cookie setting is "Allow from Website I visit" , the new cookie I sent doesn't override the old cookie and the old cookie kept on attaching with every request.  Previously I have set the cookie expiration time to be 1 year.

    Can you explain what is happening?

     

    PS : The result is as expected when the setting is  "Always allow" or Allow from current website on;y