Customizing SMF > SMF Coding Discussion
[WIP/BETA] EU cookie law
Arantor:
I think it is, but too many people are attached to chasing the phantom numbers of guests online.
CircleDock:
--- Quote from: Arantor on May 21, 2012, 07:37:21 PM ---
--- Quote ---I fully accept that the ICO site is not 100% compliant and that it is far closer to compliance than many other public sector sites in the UK. But I don't imagine for one minute that they will accept as an excuse that our software provider, SMF, is looking into the issue and that we will be compliant when the necessary changes are made by the developers - even though that, in a nutshell, is the excuse their offering.
--- End quote ---
Why not, since that's their excuse?
--- End quote ---
Oh I agree with you but that's not the point. I'm too cynical to believe that the ICO will take action against another agency of government - including themselves!
--- Quote ---
--- Quote ---I grudgingly agree with your position of removing PHPSESSID completely for performance reasons even though it will mean we lose all track of guests - and I'm not particularly enthusiastic about that.
--- End quote ---
This is the sticking point of my frustration when explaining this issue on Wedge. What exactly do you think you're losing by not having that log?
--- End quote ---
Simply because it's a better estimate of site popularity. Awstats/Webstats are too blunt an instrument in that they record all hits to a site but if Bad Behavior is installed, not all hits will get through. My owners want to know the number of actual readers.
--- Quote ---
--- Quote ---At the risk of repeating myself, surely the "system" can strip-out all cookies immediately prior to serving the page?
--- End quote ---
No, it can't. I spent some time researching that for Wedge.
--- End quote ---
Ah, I wasn't aware of that.
Arantor:
--- Quote ---Oh I agree with you but that's not the point. I'm too cynical to believe that the ICO will take action against another agency of government - including themselves!
--- End quote ---
What, the old boy's club? Heh, no chance.
But there are many provisions in the law itself (and not the layman's advice) about working towards compliance and that action, if taken, will be lessened if the site is making an effort towards compliance as best they are able.
--- Quote ---Simply because it's a better estimate of site popularity. Awstats/Webstats are too blunt an instrument in that they record all hits to a site but if Bad Behavior is installed, not all hits will get through. My owners want to know the number of actual readers.
--- End quote ---
So what? It's still a meaningless number. Assuming you also exclude search engines from that, and that you exclude every single possible search engine, every single possible bot and more from the stats, you're still dealing with a number that doesn't really work. (And believe me, the default listing in SMF plus BB is not even close to that)
All you're getting is a vague number based on the number of requests currently being fired at the server, which is not really substantially more accurate than using awstats. If you really cared about accuracy of stats, you'd be using Google Analytics or similar anyway, even with all the foibles THAT has, privacy aside.
CircleDock:
--- Quote from: Arantor on May 21, 2012, 07:37:21 PM ---
--- Quote ---At the risk of repeating myself, surely the "system" can strip-out all cookies immediately prior to serving the page?
--- End quote ---
No, it can't. I spent some time researching that for Wedge.
--- End quote ---
I don't know whether this would be satisfactory in compliance terms, but how about this: just before serving the page, check $_COOKIE and for each cookie found:
--- Code: ---setcookie("cookieName", "", mktime(12,0,0,1, 1, 1990));
--- End code ---
That should cause them to be destroyed immediately upon receipt by the browser (it says here).
Arantor:
That only solves a fraction of the problem, though, doubly so with logged in users (where both the main and session cookies get a 6 year life time) - some browsers actually treat that as end of session rather than 'from here on'.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version