Cookie Mechanics

Understanding how cross-domain cookies work within the IM18+ verification system. Learn the technical implementation details and security considerations.

🍪 How Cross-Domain Cookies Work

IM18+ uses a sophisticated cross-domain cookie system to enable "verify once, access everywhere" functionality while maintaining user privacy. Here's how it works technically:

Single Cookie Approach

Unlike complex multi-cookie systems, IM18+ uses just two simple cookies:

  • age_verified - Boolean verification flag
  • verification_timestamp - When verification occurred

Verification Flow

  1. Initial Check - Partner site loads invisible iframe pointing to IM18+ verification endpoint
  2. Cookie Check - IM18+ service checks for existing verification cookies in its domain
  3. PostMessage Response - Verification status sent back to partner site via secure postMessage
  4. Content Display - Partner site shows appropriate content based on verification status

Security Features

🔒 Domain Isolation

Cookies are set only on the verify.im18.app domain, so scripts running on partner sites cannot read or tamper with them.

⏰ Time Expiry

Automatic 30-day expiration ensures verification doesn't persist indefinitely.

🚫 No Personal Data

Only verification flag and timestamp stored - no names, emails, or identifying information.

🛡️ HttpOnly + Secure

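Cookies carry the HttpOnly and Secure flags: HttpOnly keeps them out of reach of JavaScript, which limits what an XSS bug can read, and Secure restricts them to HTTPS connections to protect against interception.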

💻 Implementation Example

Partner Site Integration

<!-- Invisible verification iframe -->
<iframe id="verification-check"
        src="https://verify.im18.app/api/check-anonymous.php"
        style="display: none;"></iframe>

<script>
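// Listen for verification response
window.addEventListener('message', function(event) {
    // Accept messages only from the IM18+ origin (exact string match)
    if (event.origin !== 'https://verify.im18.app') return;
    // Ignore empty or non-object payloads instead of throwing on event.data.type
    if (!event.data || typeof event.data !== 'object') return;

    if (event.data.type === 'verification_result') {
        // showMainContent() and showAgeVerificationModal() are defined by the partner site
        if (event.data.verified) {
            showMainContent();
        } else {
            showAgeVerificationModal();
        }
    }
});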
</script>

IM18+ Service Response

// Posted back to partner site
{
    "type": "verification_result",
    "verified": true,
    "data": {
        "verified_at": "2025-01-21T12:00:00Z",
        "expires_at": "2025-02-20T12:00:00Z",
        "expires_in": 2592000,
        "service": "IM18+",
        "privacy": "zero-knowledge"
    }
}
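
A stricter partner-side listener for the response shown above, as an added example that is not IM18+'s own code: it checks the sender window, the message shape and the timestamps before any content is shown. The names isTrustedVerification and sampleEvent, and the rule that a result may not span more than the 30-day lifetime, are assumptions of this example.

```javascript
// Added example, not IM18+ code. Fails closed: anything unexpected counts as unverified.
const IM18_ORIGIN = 'https://verify.im18.app';
const MAX_LIFETIME_MS = 2592000 * 1000; // 30 days, matching expires_in on this page

// iframeWindow and nowMs are parameters so the check also runs outside a browser.
function isTrustedVerification(event, iframeWindow, nowMs) {
    if (event.origin !== IM18_ORIGIN) return false;      // exact origin, no prefix match
    if (event.source !== iframeWindow) return false;     // only the iframe we embedded
    const msg = event.data;
    if (msg === null || typeof msg !== 'object') return false;
    if (msg.type !== 'verification_result') return false;
    if (msg.verified !== true) return false;             // strict boolean, not "true" or 1
    const d = msg.data;
    if (d === null || typeof d !== 'object') return false;
    const verifiedAt = Date.parse(d.verified_at);
    const expiresAt = Date.parse(d.expires_at);
    if (Number.isNaN(verifiedAt) || Number.isNaN(expiresAt)) return false;
    if (verifiedAt > nowMs || expiresAt <= nowMs) return false;    // future-dated or expired
    if (expiresAt - verifiedAt > MAX_LIFETIME_MS) return false;    // longer than 30 days
    return true;
}

// The response shown above, wrapped as a message event for an offline check.
function sampleEvent(iframeWindow) {
    return {
        origin: IM18_ORIGIN,
        source: iframeWindow,
        data: {
            type: 'verification_result',
            verified: true,
            data: { verified_at: '2025-01-21T12:00:00Z', expires_at: '2025-02-20T12:00:00Z',
                    expires_in: 2592000, service: 'IM18+', privacy: 'zero-knowledge' }
        }
    };
}

// Browser wiring; showMainContent/showAgeVerificationModal are the partner's own functions.
if (typeof window !== 'undefined') {
    const frame = document.getElementById('verification-check');
    window.addEventListener('message', function (event) {
        if (event.origin !== IM18_ORIGIN) return;        // unrelated message, ignore it
        if (isTrustedVerification(event, frame.contentWindow, Date.now())) {
            showMainContent();
        } else {
            showAgeVerificationModal();
        }
    });
}
```

The timestamp checks use the visitor's clock, so a badly skewed clock makes the check fail closed and the age verification modal is shown again.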

⚙️ Technical Considerations

Browser Compatibility

The system works across all modern browsers and handles third-party cookie restrictions gracefully:

  • Safari's Intelligent Tracking Prevention (ITP) compatible
  • Chrome's third-party cookie phase-out ready
  • Firefox Enhanced Tracking Protection supported
  • Fallback verification methods for restrictive environments

Performance Impact

Minimal performance overhead with smart implementation:

  • Iframe loads asynchronously (non-blocking)
  • PostMessage response typically under 100ms
  • No external dependencies or libraries required
  • Cached verification reduces repeat checks

Privacy Compliance

The cookie system is designed with privacy regulations in mind:

  • GDPR compliant - no personal data processing
  • CCPA compatible - no data sale or sharing
  • Transparent operation with clear user control
  • Easy deletion and opt-out mechanisms

© 2025 IM18+ Age Verification System. Secure, federated, privacy-focused.