It would be great to have a cookie pop up to cover EU cookie directive...with out such all forums are illegal in the UK & Europe
SMF has said in the past it does not care about UK laws because it is based in the US, so it won't be a core feature, though a mod was written to deal with it.
I'm not sure if that law applies to session cookies, which is what SMF uses, and only to give people the ability to log in without having the session ID in the url.
I could be wrong though, as I never researched the law very carefully.
At the time it seemed to include *any* kind of cookie.
To be honest it's a while I don't follow the news on that, so my informations may be outdated.
The original topic: http://www.simplemachines.org/community/index.php?topic=474727.0
My github repo with the code: https://github.com/emanuele45/EU-cookie-law
I think there is some issue not solved in the mod, but it should more or less work.
My recollection is that the issue was later clarified (at least in the UK) that the law did not apply to session cookies, but only to tracking cookies. Vanilla SMF therefore does not need to say anything about cookies, but if you add something like Google Analytics, you would have to at least warn visitors that tracking cookies are in use.
Of course, it doesn't hurt to tell visitors that you use session cookies, but both common sense and (AFAIK) the law (at least in the UK) don't require it.
There certainly was clarification at the last minute from our government, and there is still the very vague definition of 'implied consent', however other parts of Europe did not grant such exceptions.
its pretty simple to add your own cookie control to a site. Ive got one bit of html in a sp block, and a bit of js and jobs done. We dont go the route of blocking cookies should they request it, its more of a "we use cookies, accept, or leave" thing.
Cant see SMF adding it as default, puts them in a legal predicament, and its simple enough for a user to put in place. Would also need any modifications that used cookies being modified to block the cookie if the user declines.
I prefer to go down the road of if you dont like cookies goodbye as I cant be bothered worrying about changing all kinds to please the odd person who may decide no.
Actually if you turn cookie support completely off in your browser, SMF still works. It just puts the session ID in the URL of the forum. Which doesn't really solve the OP's problem, but it's interesting to point out, because if a user doesn't want to accept cookies, they don't necessarily have to leave.
They do if they want to log in.
Quote from: Arantor on January 24, 2013, 09:32:07 PM
They do if they want to log in.
Even after you turn cookies off, it still lets you log in though. The session ID that would have been stored in a cookie gets put into the URL instead. For instance: http://www.simplemachines.org/community/index.php?PHPSESSID={session-id}&topic=495279.0
Yes, I know it puts the session ID into the URL, but it shouldn't let you log in, or if it does, it won't let you do that much.
Hmm, well I only tested as far as going into the admin panel, posting a message and changing my forum profile.
Interesting, I was always of the understanding that it didn't work.
That said, it should really be removed because in that configuration it is actually a security risk.
My thoughts exactly. That's an XSS/session-hijack waiting to happen.
hmmmm... it doesn't work for me.
If I turn off my cookies, I am prompted for a login after just about every action. I certainly can not get to the admin section
That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw
Please excuse the awful quality of the screencast.
Your FF is broken. :P
I get:
QuoteYou were unable to login. Please check your cookie settings.
Quote from: The Craw on January 25, 2013, 01:21:40 PM
That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw
Please excuse the awful quality of the screencast.
You havnt cleaned out old cookies and blocked all cookies in your browser then.
tested in both opera and chrome, all cookies zapped, cookies and data blocked, I cant logon.
And besides, if you have cookies blocked you cant accept the cookie policy because that uses a cookie to remember that you agree to cookies :D
My luvverly hostess had one of those. I'll ask her how she did it and she may pass it on. :)
Well I'm curious now. I've tried this over and over again following these steps:
1) Clear all cookies
2) Turn off cookie storage
3) Login to the site, navigate around
4) Check cookie list to see if anything was saved anyway, and non are
What the heck? Maybe I'm just special. xD
Stop giving that [expletive] law credibility by paying attention to it. Ignore that piece of [expletive].
We'll stop giving it due attention (as it's a law in our country) when you stop giving the DMCA the same attention.
Roph,
You may disagree with a law... However, once it is actually a law, you need to obey it. Unless YOU are willing to go to jail or get fined for breaking the law in order to make a statement, I suggest that you do not judge other people for choosing to follow the law - and, even if you are, you still don't get to recommend that other people break it.
Quote from: emanuele on January 18, 2013, 01:02:02 PMThe original topic: http://www.simplemachines.org/community/index.php?topic=474727.0
My github repo with the code: https://github.com/emanuele45/EU-cookie-law
I think there is some issue not solved in the mod, but it should more or less work.
I can confirm that that's the one my hostess uses and it seems fine. :)
"SMF has said in the past it does not care about UK laws because it is based in the US, so it won't be a core feature, though a mod was written to deal with it.".....
The UK Gov said the same about a British hacker wanted in the US....lol
You know as well as I do that US law works in US' favour only ;)
"does not care about UK laws" is perhaps a bit flippant. A calmer statement would be that being based in the US, UK laws don't apply to the operations of Simple Machines. However, UK laws would certainly apply to any installation of SMF based in the UK. I don't know the legal status of SMF based in, say, the US, but being used in the UK (such as this forum itself). It would certainly be a nuisance to have to know about, much less obey, hundreds of different (and sometimes conflicting) laws from each country you operate in. It does happen from time to time, such as eBay being censored in France because someone was selling Nazi memorabilia on it (IIRC).
QuoteUS law works in US' favour only
Show me a country, any country, that (deliberately and knowingly) writes it laws to favor another country and hurt itself. I add the D&K specifier because the US does this (presumably inadvertently) quite often.
Quote"does not care about UK laws" is perhaps a bit flippant.
I'm not a project representative, so I can be flippant. However, I would note that that is a fairly accurate interpretation of the commentary when this was first pulled up.
QuoteShow me a country, any country, that (deliberately and knowingly) writes it laws to favor another country and hurt itself
Well done for missing my point.
You can have a law that applies equally in each direction and you can have a law that favours the current country in question.
The case in point was of one Gary McKinnon. A 'cracker' who was in the UK who 'broke' (I use the term loosely, a system that has a blank password is not secure) into NASA systems amongst others.
I bring this up because there is an extradition treaty in force between the US and the UK. The US can ask for - and invariably be given - anyone it likes, which caused an awful lot of stir in this country (seeing how McKinnon was on UK soil when committing the offence, but that was a small detail, and the charges were very deliberately escalated). The UK actually has to make the case that the person did something wrong in this country before the US will even consider it - and in the past this has often been denied even when due process has been followed.
This is what I mean about the US law working in US' favour only. Not being solely in US' favour != being in another country's favour.
Quote from: MrPhil on January 18, 2013, 01:14:13 PM
My recollection is that the issue was later clarified (at least in the UK) that the law did not apply to session cookies, but only to tracking cookies. Vanilla SMF therefore does not need to say anything about cookies, but if you add something like Google Analytics, you would have to at least warn visitors that tracking cookies are in use.
Of course, it doesn't hurt to tell visitors that you use session cookies, but both common sense and (AFAIK) the law (at least in the UK) don't require it.
Quote from: Arantor on January 18, 2013, 01:15:49 PM
There certainly was clarification at the last minute from our government, and there is still the very vague definition of 'implied consent', however other parts of Europe did not grant such exceptions.
What I ended up doing was just have links, from the home page intro and from the forum footer linkfest, to a custom article that explains the situation (only basic session cookies for site functionality, no tracking cookies) and also gives instructions for blocking cookies in all the major browsers, both on a blanket and per site basis.
I figure this complies with the spirit of the law, and actually gives more infomation than is legally required since we're telling them how to block cookies from any site on the web at their own discretion.
It also requires no mods, and is less annoying for most users than silly pop-up stuff. F%&k knows the internet could do with fewer pop-ups. I don't think anyone really wants them.
PS: This is for a UK-based organisation with a server in Texas, and global membership.