Facebook fixes its cookie ‘bug’

PEOPLE DATABASE Facebook has fixed the issue with its cookies that it had said was never an issue in the first place.

The company has finally reacted to an issue it was first notified about a year ago, but did nothing about until the discoverer picked up on it and bought it to the media's attention.

At first Facebook defended its use of cookies, cookies that could be used to trace a user around the internet even after they logged out, but since then it has 'fixed' the issue and distanced itself from the scandal.

The problem was discovered by Nik Cubrilovic who, once the media got involved, started having conversations with the company this week. Facebook promised to fix the issue, which we remind you it said was not a problem in the first place, and has delivered.

"Over the course of the past 48 hours since that post was published we have researched the issue further and have been in constant contact with Facebook on working out solutions and clarifying behavior on the site," wrote Cubrilovic after finishing some talks with the privacy shredding social network.

"My goal was to both identify bugs in the logout process and see that they are fixed, and to communicate with Facebook in getting some of the unanswered questions answered so that the Facebook using public can be informed of how cookies are used on the site."

He added that Facebook has changed its use of cookies, post logout, as much as it can. He explained that the company will continue to track users after logging out for the good of those users and for its own services. That's an explanation that we do not like too much.

"Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons etc," he added, as he explained that Facebook removed an 'a_user' cookie that was not being cleared on logout.

Another cookie, 'a_xs' that is used to prevent cross-site request forgery has also been removed. "What you see in your browser is largely typical, except a_user which is less common and should be cleared upon logout (it is set on some photo upload pages). There is a bug where a_user was not cleared on logout. We will be fixing that today," the Facebook engineers told Cubrilovic.

Although fixes have been put in place, Cubrilovic still recommends that users treat Facebook and its cookies with some caution.

"I would still recommend that users clear cookies or use a separate browser, though," he added. "I believe Facebook when they describe what these cookies are used for, but that is not a reason to be complacent on privacy issues and [I recommend that users] take initiative in remaining safe." µ