Advertisement:

Author Topic: We need a cookie pop up  (Read 12915 times)

Offline peaksparkles

  • Newbie
  • *
  • Posts: 8
We need a cookie pop up
« on: January 18, 2013, 12:12:42 PM »
It would be great to have a cookie pop up to cover EU cookie directive...with out such all forums are illegal in the UK & Europe

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #1 on: January 18, 2013, 12:26:58 PM »
SMF has said in the past it does not care about UK laws because it is based in the US, so it won't be a core feature, though a mod was written to deal with it.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #2 on: January 18, 2013, 12:29:20 PM »
I'm not sure if that law applies to session cookies, which is what SMF uses, and only to give people the ability to log in without having the session ID in the url.

I could be wrong though, as I never researched the law very carefully.

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: We need a cookie pop up
« Reply #3 on: January 18, 2013, 01:02:02 PM »
At the time it seemed to include *any* kind of cookie.
To be honest it's a while I don't follow the news on that, so my informations may be outdated.

The original topic: http://www.simplemachines.org/community/index.php?topic=474727.0
My github repo with the code: https://github.com/emanuele45/EU-cookie-law

I think there is some issue not solved in the mod, but it should more or less work.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

MrPhil

  • Guest
Re: We need a cookie pop up
« Reply #4 on: January 18, 2013, 01:14:13 PM »
My recollection is that the issue was later clarified (at least in the UK) that the law did not apply to session cookies, but only to tracking cookies. Vanilla SMF therefore does not need to say anything about cookies, but if you add something like Google Analytics, you would have to at least warn visitors that tracking cookies are in use.

Of course, it doesn't hurt to tell visitors that you use session cookies, but both common sense and (AFAIK) the law (at least in the UK) don't require it.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #5 on: January 18, 2013, 01:15:49 PM »
There certainly was clarification at the last minute from our government, and there is still the very vague definition of 'implied consent', however other parts of Europe did not grant such exceptions.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline dimspace

  • Jr. Member
  • **
  • Posts: 343
    • @dimspace on Twitter
    • Velorooms.com
Re: We need a cookie pop up
« Reply #6 on: January 24, 2013, 06:00:29 PM »
its pretty simple to add your own cookie control to a site. Ive got one bit of html in a sp block, and a bit of js and jobs done. We dont go the route of blocking cookies should they request it, its more of a "we use cookies, accept, or leave" thing.

Cant see SMF adding it as default, puts them in a legal predicament, and its simple enough for a user to put in place. Would also need any modifications that used cookies being modified to block the cookie if the user declines.


Offline Night09

  • SMF Hero
  • ******
  • Posts: 1,940
  • Gender: Male
Re: We need a cookie pop up
« Reply #7 on: January 24, 2013, 09:03:22 PM »
I prefer to go down the road of if you dont like cookies goodbye as I cant be bothered worrying about changing all kinds to please the odd person who may decide no.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #8 on: January 24, 2013, 09:30:56 PM »
Actually if you turn cookie support completely off in your browser, SMF still works. It just puts the session ID in the URL of the forum. Which doesn't really solve the OP's problem, but it's interesting to point out, because if a user doesn't want to accept cookies, they don't necessarily have to leave.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #9 on: January 24, 2013, 09:32:07 PM »
They do if they want to log in.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #10 on: January 24, 2013, 10:20:00 PM »
They do if they want to log in.

Even after you turn cookies off, it still lets you log in though. The session ID that would have been stored in a cookie gets put into the URL instead. For instance: http://www.simplemachines.org/community/index.php?PHPSESSID={session-id}&topic=495279.0

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #11 on: January 24, 2013, 11:06:36 PM »
Yes, I know it puts the session ID into the URL, but it shouldn't let you log in, or if it does, it won't let you do that much.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #12 on: January 25, 2013, 12:01:36 AM »
Hmm, well I only tested as far as going into the admin panel, posting a message and changing my forum profile.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #13 on: January 25, 2013, 12:10:46 AM »
Interesting, I was always of the understanding that it didn't work.

That said, it should really be removed because in that configuration it is actually a security risk.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #14 on: January 25, 2013, 12:38:07 AM »
My thoughts exactly. That's an XSS/session-hijack waiting to happen.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,752
  • Gender: Male
    • Kindred-999 on GitHub
Re: We need a cookie pop up
« Reply #15 on: January 25, 2013, 09:11:22 AM »
hmmmm... it doesn't work for me.
If I turn off my cookies, I am prompted for a login after just about every action. I certainly can not get to the admin section
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #16 on: January 25, 2013, 01:21:40 PM »
That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw

Please excuse the awful quality of the screencast.

Offline emanuele

  • SMF Super Hero
  • *******
  • Posts: 14,156
  • Gender: Male
  • THERE'S JUST ME
Re: We need a cookie pop up
« Reply #17 on: January 25, 2013, 01:36:56 PM »
Your FF is broken. :P
I get:
Quote
You were unable to login. Please check your cookie settings.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Offline dimspace

  • Jr. Member
  • **
  • Posts: 343
    • @dimspace on Twitter
    • Velorooms.com
Re: We need a cookie pop up
« Reply #18 on: January 25, 2013, 03:32:41 PM »
That's odd. It works for me on 2.0.3 with Firefox and Chrome. http://www.youtube.com/watch?v=pFQtXEvXJJw

Please excuse the awful quality of the screencast.

You havnt cleaned out old cookies and blocked all cookies in your browser then.

tested in both opera and chrome, all cookies zapped, cookies and data blocked, I cant logon.

And besides, if you have cookies blocked you cant accept the cookie policy because that uses a cookie to remember that you agree to cookies :D

kat

  • Guest
Re: We need a cookie pop up
« Reply #19 on: January 25, 2013, 04:11:36 PM »
My luvverly hostess had one of those. I'll ask her how she did it and she may pass it on. :)

The Craw

  • Guest
Re: We need a cookie pop up
« Reply #20 on: January 25, 2013, 05:02:52 PM »
Well I'm curious now. I've tried this over and over again following these steps:

1) Clear all cookies
2) Turn off cookie storage
3) Login to the site, navigate around
4) Check cookie list to see if anything was saved anyway, and non are

What the heck? Maybe I'm just special. xD

Offline Roph

  • Jr. Member
  • **
  • Posts: 377
  • Gender: Male
Re: We need a cookie pop up
« Reply #21 on: January 25, 2013, 06:15:12 PM »
Stop giving that [expletive] law credibility by paying attention to it. Ignore that piece of [expletive].

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #22 on: January 25, 2013, 06:16:38 PM »
We'll stop giving it due attention (as it's a law in our country) when you stop giving the DMCA the same attention.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,752
  • Gender: Male
    • Kindred-999 on GitHub
Re: We need a cookie pop up
« Reply #23 on: January 25, 2013, 06:55:20 PM »
Roph,

You may disagree with a law... However, once it is actually a law, you need to obey it. Unless YOU are willing to go to jail or get fined for breaking the law in order to make a statement, I suggest that you do not judge other people for choosing to follow the law - and, even if you are, you still don't get to recommend that other people break it.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

kat

  • Guest
Re: We need a cookie pop up
« Reply #24 on: January 26, 2013, 04:22:53 PM »
The original topic: http://www.simplemachines.org/community/index.php?topic=474727.0
My github repo with the code: https://github.com/emanuele45/EU-cookie-law

I think there is some issue not solved in the mod, but it should more or less work.

I can confirm that that's the one my hostess uses and it seems fine. :)

Offline peaksparkles

  • Newbie
  • *
  • Posts: 8
Re: We need a cookie pop up
« Reply #25 on: February 15, 2013, 11:54:35 AM »
"SMF has said in the past it does not care about UK laws because it is based in the US, so it won't be a core feature, though a mod was written to deal with it.".....

The UK Gov said the same about a British hacker wanted in the US....lol

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #26 on: February 15, 2013, 12:05:21 PM »
You know as well as I do that US law works in US' favour only ;)
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

MrPhil

  • Guest
Re: We need a cookie pop up
« Reply #27 on: February 15, 2013, 01:01:54 PM »
"does not care about UK laws" is perhaps a bit flippant. A calmer statement would be that being based in the US, UK laws don't apply to the operations of Simple Machines. However, UK laws would certainly apply to any installation of SMF based in the UK. I don't know the legal status of SMF based in, say, the US, but being used in the UK (such as this forum itself). It would certainly be a nuisance to have to know about, much less obey, hundreds of different (and sometimes conflicting) laws from each country you operate in. It does happen from time to time, such as eBay being censored in France because someone was selling Nazi memorabilia on it (IIRC).

Quote
US law works in US' favour only
Show me a country, any country, that (deliberately and knowingly) writes it laws to favor another country and hurt itself. I add the D&K specifier because the US does this (presumably inadvertently) quite often.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,980
    • StoryBB/StoryBB on GitHub
Re: We need a cookie pop up
« Reply #28 on: February 15, 2013, 01:07:41 PM »
Quote
"does not care about UK laws" is perhaps a bit flippant.

I'm not a project representative, so I can be flippant. However, I would note that that is a fairly accurate interpretation of the commentary when this was first pulled up.

Quote
Show me a country, any country, that (deliberately and knowingly) writes it laws to favor another country and hurt itself

Well done for missing my point.

You can have a law that applies equally in each direction and you can have a law that favours the current country in question.

The case in point was of one Gary McKinnon. A 'cracker' who was in the UK who 'broke' (I use the term loosely, a system that has a blank password is not secure) into NASA systems amongst others.

I bring this up because there is an extradition treaty in force between the US and the UK. The US can ask for - and invariably be given - anyone it likes, which caused an awful lot of stir in this country (seeing how McKinnon was on UK soil when committing the offence, but that was a small detail, and the charges were very deliberately escalated). The UK actually has to make the case that the person did something wrong in this country before the US will even consider it - and in the past this has often been denied even when due process has been followed.

This is what I mean about the US law working in US' favour only. Not being solely in US' favour != being in another country's favour.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,858
  • Master of BBC Abuse
Re: We need a cookie pop up
« Reply #29 on: February 15, 2013, 01:41:43 PM »
My recollection is that the issue was later clarified (at least in the UK) that the law did not apply to session cookies, but only to tracking cookies. Vanilla SMF therefore does not need to say anything about cookies, but if you add something like Google Analytics, you would have to at least warn visitors that tracking cookies are in use.

Of course, it doesn't hurt to tell visitors that you use session cookies, but both common sense and (AFAIK) the law (at least in the UK) don't require it.
There certainly was clarification at the last minute from our government, and there is still the very vague definition of 'implied consent', however other parts of Europe did not grant such exceptions.

What I ended up doing was just have links, from the home page intro and from the forum footer linkfest, to a custom article that explains the situation (only basic session cookies for site functionality, no tracking cookies) and also gives instructions for blocking cookies in all the major browsers, both on a blanket and per site basis.

I figure this complies with the spirit of the law, and actually gives more infomation than is legally required since we're telling them how to block cookies from any site on the web at their own discretion.

It also requires no mods, and is less annoying for most users than silly pop-up stuff. F%&k knows the internet could do with fewer pop-ups. I don't think anyone really wants them.

PS: This is for a UK-based organisation with a server in Texas, and global membership.