-->
Save your FREE seat for Streaming Media Connect in February. Register Now!

Third-Party Cookies and EdTech

Article Featured Image

In a recent article, Jan Ozer provided an over­view of the Cookie Apocalypse and raised the question of why it has received so little attention. The article fo­cused on FAST and other ad-­supported business models, for which the end of third­-party cookies poses a grave threat. In edtech, the situ­ation may be even more dire, since course web­sites are typically designed with third­-party in­tegrations that deliver crucial elements of the curriculum and traditionally rely on cookies to allow seamless cross­domain integration.

These cross-­domain, third-­party cookies are essential for the operation of single sign-­on (SSO) and Learning Tools Interoperability (LTI) authentication methods. Many course webpages contain a video player in one I-­frame and an interactive quiz in another to enable students to learn the material and formatively test their learning as they proceed in the video. The stu­ dent would be logged in to both of those embed­ded websites for legitimate educational pur­ poses: The two embedded websites should be sending personalized learning analytic data to a school­managed learning record ware­house using Caliper or xAPI standards so the student and teacher both have evidence of the work that was performed for the course, and the institution can aggregate the data to infer optimal study practices toward which incom­ing students can be directed. That data collec­tion scheme is exactly what a cross­site track­ ing cookie does, except here, the purpose is solely to benefit the student and the school.

Safari was the first major browser to dis­able third­-party cookies by default, at substan­tial cost to its popularity on school campuses. Chrome was scheduled to follow suit in October 2024, but changed course late in the summer, due partially to the lack of urgency on the part of many vendors. Savvy and forward­-thinking edtech companies have pursued at least two strategies to survive the eventual Cookie Apocalypse utilizing new web browser stan­dards. The first uses a new type of limited­ scope, third­-party cookie, and the other doesn’t use cookies at all.
The first post­third­party cookie privacy strategy relies on Cookies Having Independent Partitioned State, or CHIPS. These cross­-domain replacements for standard cookies are accessible only when embedded under a specific domain.

Our school’s learning management system (LMS) sets a session cookie so a student can stay logged in to the many pages in their course website. One of those pages embeds a video playlist widget, and that widget sets a session cookie for the VMS domain partitioned under the LMS domain so the student can load dif­ ferent videos without re­authenticating. If the student goes to any other website using re­ sources from the VMS—even the VMS web­site—they need to re­authenticate, since the session cookie for the VMS partitioned under the LMS is not accessible anywhere other than with that specific embedding.

Although partitioned cookies are support­ed in the WebKit engine used by Chrome and Edge, Safari dropped them from its variant of WebKit. However, the reasoning for removing them was because Apple had unsuccessfully explored heuristically partitioning third­party cookies in the browser and probably did not ex­ pect them to catch on since partitioned cookies don’t allow cross­site tracking. They could be restored to Safari if this strategy achieves uni­ versal support from the other major browsers. The other strategy that has traction despite its unfortunate name is an addition to the LTI specification called LTI OIDC Login with LTI Client Side postMessages.

Strictly speaking, this strategy piggybacks on two different but very useful LTI specifications. One is LTI Client Side postMessages, which allows a third­party activity to, among other things, resize its I­frame height to remove ex­tra scroll bars in the middle of a page. The oth­er is LTI postMessage Storage, which allows the embedded third­party activity to store and re­ call data in the localStorage property of the top­level window object. This strategy makes cookies entirely unnecessary, but it has conse­ quences that may be undesirable. For example, the VMS session state would not necessarily be shared across browser tabs.

Streaming Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues
Related Articles

What Google Chrome's Cookie Apocalypse Means for Streaming Advertising

For some publishers, third-party cookies enable the targeting that differentiates web-based ads from broadcast ads. If you lose the ability to target, you lose the benefit that delivers greater efficiency to marketers and increased CPM on your ad inventory. In this article, I'll cover Google's proposed actions regarding third-party cookies, the status of those plans, who this impacts, and what advertisers and publishers can do to mitigate this impact.

Radically Reforming Public Education--and How Video Can Help

By the time stu­dents finish their sophomore year of high school, they should know how much they have yet to learn about financial literacy and maybe even have a good idea of what they want to do in life. This is where streaming media comes in: Online video and books can provide for rich, specialized independent study to any community with motivated students.

Effective K–12 Video Strategies

The revolutionary change over the past 10 years has made production technologies accessible to teachers and even students. And 4 years ago, of course, almost everyone was forced to rely on educational video to keep schools asfunctional as possible. Today, we can identify several use cases of teacher-produced educational video that are particularly effective.

Backward Design for Educational Video Production

Software developers are trained in accessibility issues for front-end development and basic concepts like labeling control elements and reporting state changes to assistive technology—screen-readers—are part of a professional developer's code testing procedures. Despite this progress, two very different forces are swirling with the potential to push back on the trend towards better technological inclusion of the disabled.