Amplifier (Banned) Apr 3, 2015 @ 5:42pm
Why does Steam run on browser cookies, exactly?
I came across a thread in the TF2 discussion that stated something along the lines of this:
Originally posted by Random Thread:
I recently reinstalled Firefox because it was running strangely.

When I went to log into Steam, I had to enter a code, similarly to when you access from a new device.

This wasn't a new device. I've only ever accessed from this computer and my phone.

Isn't there a better way to make sure that you're not a hacker other than browser cookies?


At first I thought the guy was full of trash. I personally always thought Steam's log-in recognition ran on IP recognition, not browser recognition.

But then I encountered a bug with Google Chrome. The "A plug in (Shockwave Flash) has stopped responding" bug will cause any program using Shockwave Flash (no duh) to not work. This includes many programs, but most notably web video players, like YouTube.

I found a thread on the Google forums (Yes they have forums. I know, right?) where someone said that you should Reset Settings to try to fix it. (Essentially perform a Factory Reset.)

Most people on the forum said it worked, so I tried it out. And lo and behold, it worked! :meaty:

So with that in mind I go to Steam for a reason. But since I just factory reset my browser:
Hey! It looks like you're trying to access Steam from a new device, or maybe it's just been awhile.


Why does Steam run on browser cookies, exactly? I understand that it's convenient, but it's also really dumb.
Browser cookies are extremely easy to get rid of (hence the "or maybe it's just been awhile" part of the code message), and can potentially be removed by anti-virus software. (Or, you know, factory resetting your browser.)

It just seems to make more sense for Steam to run on IP recognition. It would achieve the same results, granted with less annoyance with re-entering log-in codes.

It is possible that someone can use IP recognition to bypass Steam's security, but then you could remove a suspicious IP from your IP list. (Because after all, Steam asks you for a "friendly name" whenever you log in from a "new location") (Also, someone could just as easily create a fake cookie to bypass Steam Guard.)


I'm no computer genius. Maybe there's some problem with cost or upkeep or something that I'm missing. Still, I think this is a stupid little oddity that could and should be easily repaired.
Showing 1-5 of 5 comments
Satoru Apr 3, 2015 @ 6:11pm 
Cookies are the only way websites can store persistent data that cannot be accessed by other sites. Since Steam itself is entirely web based AND has to be OS agnostic, it stores it in cookies. There's no other way for a web session to store data. It's how the web works.

IP recognition is bad because people change IPs all the time. People on mobile phones change IP addresses when they switch cell towers.

What you're asking for essentially is for a website to somehow store arbitrary data anywhere on your PC. You might realize how dangerous such a feature would be, if suddenly you visited Satoru's Totally Not Malware FREE STEEM GAMEZ STORE and I started throwing malware installation links in your startup folder.
Last edited by Satoru; Apr 3, 2015 @ 6:12pm
Unexpected Apr 3, 2015 @ 7:43pm 
Steam does use cookies, but it is not a huge invasion of privacy. Whenever you go offline it wipes most of them, and the next day it resets, such as the age gate for certain games.
SimicEngineer Apr 3, 2015 @ 9:53pm 
Even most home PCs running Steam don't have a static, unique IP address. They're behind a Cable/DSL router that does NAT and could be assigned a new IP at any time (though in practice it's not unheard of for people to go a year or more between changes).
donkeronderwater Apr 5, 2015 @ 1:46pm 
This is actually the proper way to use browser cookies...
And for this particular situation it is the best possible solution.

There are other ways to store data in your browser (flash cookies, and the 'persistent storage' databases). But that is just more of the same. Browser cookies are the way ALL websites use where you log in. And you can combine it with IP data and fingerprinting, but you can't do it the other way around without creating security problems.
Whatever the rumours say about browser cookies, they are generally not spyware.
AugustsEve Apr 5, 2015 @ 1:51pm 
IP recognition isn't viable. Consider a situation where you have College dorms. More than likely you'll have 200+ people, many of them Steam users, all accessing the service from the same IP or small subset of IPs.

A token system (such as a browser cookie) is really the best way to go here.
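
The trade-off the replies describe, as an added example that is not part of the thread and not Steam's actual implementation: a hypothetical server recognizes a device either by a random, MAC-protected token it issued as a cookie or by source IP. `DeviceRegistry`, `SERVER_KEY`, the user name and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server


def _tag(user, token):
    return hmac.new(SERVER_KEY, f"{user}:{token}".encode(), hashlib.sha256).hexdigest()


class DeviceRegistry:
    """Hypothetical store of devices a user confirmed with an e-mailed code."""

    def __init__(self):
        self.tokens = {}  # user -> SHA-256 digests of issued device tokens
        self.ips = {}     # user -> source IPs seen at enrollment

    def enroll(self, user, ip):
        """Run after the code is entered; returns the value to set as a cookie."""
        token = secrets.token_urlsafe(32)
        self.tokens.setdefault(user, set()).add(hashlib.sha256(token.encode()).hexdigest())
        self.ips.setdefault(user, set()).add(ip)
        return f"{token}.{_tag(user, token)}"

    def cookie_recognized(self, user, cookie):
        token, _, tag = (cookie or "").rpartition(".")
        # Constant-time MAC check first: a made-up cookie fails without the key.
        if not hmac.compare_digest(tag.encode(), _tag(user, token).encode()):
            return False
        return hashlib.sha256(token.encode()).hexdigest() in self.tokens.get(user, set())

    def ip_recognized(self, user, ip):
        return ip in self.ips.get(user, set())


def scenarios():
    """Returns {case: (cookie scheme recognizes, IP scheme recognizes)}."""
    reg = DeviceRegistry()
    cookie = reg.enroll("alice", "203.0.113.7")  # constructed sample data
    nat_ip, new_ip = "203.0.113.7", "198.51.100.20"
    return {
        "same browser, new IP": (reg.cookie_recognized("alice", cookie), reg.ip_recognized("alice", new_ip)),
        # The server sees the next two cases identically: no cookie, known IP.
        "browser reset, same IP": (reg.cookie_recognized("alice", None), reg.ip_recognized("alice", nat_ip)),
        "stranger behind same NAT": (reg.cookie_recognized("alice", None), reg.ip_recognized("alice", nat_ip)),
        "forged cookie, unknown IP": (reg.cookie_recognized("alice", "guess." + "0" * 64), reg.ip_recognized("alice", new_ip)),
    }
```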

Date Posted: Apr 3, 2015 @ 5:42pm
Posts: 5