How shops manipulate us with cookies

Thursday, 4. March 2021 @ 13:40:25 | #online-shops #manipulation #cookies

This seems to be weird, but yes, shops can manipulate you with simple cookies…


I recently wanted to purchase new lenses. I went on the shop where I always purchase lenses let's name it LenseShop and went to the product I always order. I also got a 40% discount, awesome! However, after looking at the price I've seen it was sort of high compared to the previous times I've purchased it… After looking at my previous invoices, it was clear that the price was higher.

So then I decided to get on Toppreise, which is a website to compare prices of products on different websites. And looked at the article I wanted. And yes it was surprisingly the same price as the price when I first bought them…

So I decided to click on the link to the shop to make sure Toppreise doesn't have any sort of display bug or not the correct price.
What a surprise! After going on the website, I first get a URL with lots of parameters, which will be interesting later, and the price is the same as my previous price :D So let's reload the previous page and at my surprise, I get the price I was supposed to get from the beginning…

How it works

So you might wondering how this works. Well there's not a lot to say beside, 🍪c o o k i e s🍪.

When I clicked on the link that Toppreise gave it, I said there were a lot of parameters, so I decided to see if one of them was triggering this “discount”. And yes, the ish_cs parameter does it all. Here is the link:
What's in bold is exactly what is triggering the surprising “discount”. Before giving that parameter I decided to check the Cookies because that's where I thought they would check if the user gave this parameter, for eventual future purchases.
Here are the Cookies before:

And here are the Cookies after:

I've added a small purple border over the new Cookie that got added, and what a surprise; the value is the same as the parameter of the URL.
So when the shop gives you the price of an article they check the value that the cookie contains.
But what if it's another value? I tried a random number and got no discount, but maybe if you bruteforce it you might get an even stronger discount :)


This example is the perfect example to show, that when searching for the first time a product on their shop will make the price lower, however when you purchase by directly going on their website you don't get this discount :(
That's how you gain new customers at least 👍

Next time you go shopping online, please make sure to check eventual “customer manipulations” like this one.


Become a Patron!

Copyright © 2015-2021 - Krypton