Customizing SMF > SMF Coding Discussion

[WIP/BETA] EU cookie law

(1/50) > >>

emanuele:
Reference: http://www.simplemachines.org/community/index.php?topic=425349.0
Repo: https://github.com/emanuele45/EU-cookie-law
Package: attached

This package is a work in progress, I don't know if all the cookies are blocked.

Please also remember that this mod is intended to work with SMF only, I will not support any mod.

If you find cookies once installed try to provide as much informations as possible to find out why it is created (i.e. action you were doing, mods installed, themes installed, used SSI, particular configurations (permissions, options enabled, etc.).

The attached package should:
[*] prevent any kind of cookie to be set up (even ban-related cookies are not put in place, bans will relay rely on a complete ban check every time unless the user accept the cookie);
[*] since these actions would setup a a cookie, I disabled at "action-time" any post, vote, moderate, etc. action that could create a cookie (I added more than necessary just because I was too lazy to check if the actions actually create a cookie);
[*] the "accept cookie" is obtained through a cookie itself (i.e. once you click on "accept" a cookie is created) that will last for the session (i.e. every time you or your users will close the browser you will be asked again to accept the cookies, this could be changed to a more persistent cookie...let's say a week?);
[*] there is an hidden setting (ecl_strict_interpretation) that enables a possible stricter interpretation of the law: in other terms you or your users will not be allowed to login or register unless the accept the cookies. As far as I can tell this is *not* required by the law (UK instructions on implementation), because as soon as the user registers or logs in he is accepting the communication (or something like that, I read it yesterday and I don't remember the exact terms), but still can be enabled if you want.

Important: the privacy notice is completely unwritten, it's just a placeholder, I'm not good at writing this kind of legal-related things...

CircleDock:
This is an excellent starting point, Emanuele! But I'm still seeing visitor cookies being set :(

Anyone who has the Google Analytics mod installed should perform the following edit on subs.php

Search for:
--- Code: ---function ob_google_analytics($buffer)
{
    global $modSettings, $boardurl;


--- End code ---
Replace with:
--- Code: ---function ob_google_analytics($buffer)
{
    global $modSettings, $boardurl;

    if (!ecl_authorized_cookies()) return;

--- End code ---
This will stop the four cookies set by Google Analytics.

emanuele:

--- Quote from: CircleDock on April 21, 2012, 11:58:38 PM ---This is an excellent starting point, Emanuele! But I'm still seeing visitor cookies being set :(

--- End quote ---
I visited your forum and this applies:

--- Quote from: emanuele on April 21, 2012, 04:30:56 PM ---Please also remember that this mod is intended to work with SMF only, I will not support any mod.

--- End quote ---
I cannot know what other mods you have installed and how all these uses cookies, remove that is responsibility of mods' authors, I can't do (almost) anything about it.

Of course other mods can rely on the functions provided by this mod for their functionalities.

CircleDock:

--- Quote from: emanuele on April 22, 2012, 04:02:00 AM ---
--- Quote from: CircleDock on April 21, 2012, 11:58:38 PM ---This is an excellent starting point, Emanuele! But I'm still seeing visitor cookies being set :(

--- End quote ---
I visited your forum and this applies:

--- Quote from: emanuele on April 21, 2012, 04:30:56 PM ---Please also remember that this mod is intended to work with SMF only, I will not support any mod.

--- End quote ---
I cannot know what other mods you have installed and how all these uses cookies, remove that is responsibility of mods' authors, I can't do (almost) anything about it.

Of course other mods can rely on the functions provided by this mod for their functionalities.

--- End quote ---
I also have another site in the process of construction where I tested your mod. It doesn't have the Portal which I suspect is your concern here. That site also sets the PHPSESSID cookie even when I take no action to permit any cookies.

I have also had a look at the Portal's code and it appears to do nothing which would directly cause a cookie to be set. Using your convenient function, I have blocked Google Analytics as noted above.

Is it possible that SSI has an unplugged path which can cause a cookie to be set? That's about the only thing I can think of.

emanuele:
My point is not that the portal is setting the session, my point is that I cannot see the cookie on your site...unless I enable javascript, so it means it's a script.

Here it is the script that is setting the session:

--- Code: ---http://liveinthephilippinesforum.com/forum/sachat/index.php?action=head&theme=default
--- End code ---

Navigation

[0] Message Index

[#] Next page

Go to full version