News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

We need a cookie pop up

Started by peaksparkles, January 18, 2013, 12:12:42 PM

Previous topic - Next topic

peaksparkles

It would be great to have a cookie pop up to cover EU cookie directive...with out such all forums are illegal in the UK & Europe

Arantor

SMF has said in the past it does not care about UK laws because it is based in the US, so it won't be a core feature, though a mod was written to deal with it.
Holder of controversial views, all of which my own.


The Craw

I'm not sure if that law applies to session cookies, which is what SMF uses, and only to give people the ability to log in without having the session ID in the url.

I could be wrong though, as I never researched the law very carefully.

emanuele

At the time it seemed to include *any* kind of cookie.
To be honest it's a while I don't follow the news on that, so my informations may be outdated.

The original topic: http://www.simplemachines.org/community/index.php?topic=474727.0
My github repo with the code: https://github.com/emanuele45/EU-cookie-law

I think there is some issue not solved in the mod, but it should more or less work.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

MrPhil

My recollection is that the issue was later clarified (at least in the UK) that the law did not apply to session cookies, but only to tracking cookies. Vanilla SMF therefore does not need to say anything about cookies, but if you add something like Google Analytics, you would have to at least warn visitors that tracking cookies are in use.

Of course, it doesn't hurt to tell visitors that you use session cookies, but both common sense and (AFAIK) the law (at least in the UK) don't require it.

Arantor

There certainly was clarification at the last minute from our government, and there is still the very vague definition of 'implied consent', however other parts of Europe did not grant such exceptions.
Holder of controversial views, all of which my own.


dimspace

its pretty simple to add your own cookie control to a site. Ive got one bit of html in a sp block, and a bit of js and jobs done. We dont go the route of blocking cookies should they request it, its more of a "we use cookies, accept, or leave" thing.

Cant see SMF adding it as default, puts them in a legal predicament, and its simple enough for a user to put in place. Would also need any modifications that used cookies being modified to block the cookie if the user declines.


Night09

I prefer to go down the road of if you dont like cookies goodbye as I cant be bothered worrying about changing all kinds to please the odd person who may decide no.

The Craw

Actually if you turn cookie support completely off in your browser, SMF still works. It just puts the session ID in the URL of the forum. Which doesn't really solve the OP's problem, but it's interesting to point out, because if a user doesn't want to accept cookies, they don't necessarily have to leave.

Arantor

They do if they want to log in.
Holder of controversial views, all of which my own.


The Craw

Quote from: Arantor on January 24, 2013, 09:32:07 PM
They do if they want to log in.

Even after you turn cookies off, it still lets you log in though. The session ID that would have been stored in a cookie gets put into the URL instead. For instance: http://www.simplemachines.org/community/index.php?PHPSESSID={session-id}&topic=495279.0

Arantor

Yes, I know it puts the session ID into the URL, but it shouldn't let you log in, or if it does, it won't let you do that much.
Holder of controversial views, all of which my own.


The Craw

Hmm, well I only tested as far as going into the admin panel, posting a message and changing my forum profile.

Arantor

Interesting, I was always of the understanding that it didn't work.

That said, it should really be removed because in that configuration it is actually a security risk.
Holder of controversial views, all of which my own.


The Craw

My thoughts exactly. That's an XSS/session-hijack waiting to happen.

Kindred

hmmmm... it doesn't work for me.
If I turn off my cookies, I am prompted for a login after just about every action. I certainly can not get to the admin section
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

The Craw

That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw

Please excuse the awful quality of the screencast.

emanuele

Your FF is broken. :P
I get:
QuoteYou were unable to login. Please check your cookie settings.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

dimspace

Quote from: The Craw on January 25, 2013, 01:21:40 PM
That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw

Please excuse the awful quality of the screencast.

You havnt cleaned out old cookies and blocked all cookies in your browser then.

tested in both opera and chrome, all cookies zapped, cookies and data blocked, I cant logon.

And besides, if you have cookies blocked you cant accept the cookie policy because that uses a cookie to remember that you agree to cookies :D

kat

My luvverly hostess had one of those. I'll ask her how she did it and she may pass it on. :)

Advertisement: