In search of the elusive second-party cookie

We’ve all heard about first-party and third-party cookies. But what about second-party cookies? Do they even exist?

Although many discussions of cookies online don’t even mention second-party cookies, the consensus seems to be that there really is such an animal.

However, there seem to be two different definitions of what exactly it is.

1) An “outsourced” cookie. A second-party cookie is a cookie created on behalf of a publisher: for example, if a blogging platform creates a cookie for a blogger’s site. By this definition, it’s just an “outsourced” first-party cookie.

Since it’s created under the same domain name as a true first-party cookie would be, it’s indistinguishable to the browser from any other first-party cookie. And that’s why we never end up talking about second-party cookies in the first place.

For more detail on this definition, a great discussion can be found here.

2) A shared cookie. This time, the focus is not on outsourcing cookie-creation to an app you’ve bought from a vendor. Rather, this definition focuses on obtaining existing cookie data from a business partner. A great example from Lotame is as follows:

[I]f you are a local newspaper company, and you team up with a larger health and beauty company, you can suddenly offer your advertisers a wealth of health & beauty data that you didn’t have before.

With this definition, the real driver isn’t technology, but the business relationship that makes one company willing to share its cookie data with another.

A final observation: if we want to play semantic games, we can say that the first definition shows how a second-party cookie is really just an outsourced first-party cookie. And similarly, the second definition indicates that a second-party cookie is just a more restricted third-party cookie — restricted, in the sense that this data isn’t for sale to just anyone.