
All times are UTC




 Post subject: Re: EU privacy cookie directive
Posted: Mon Apr 23, 2012 9:32 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7629
Location: Fernie British Columbia, Canada
Quote:
And, as has been requested above, can we please have an explanation of what the CMSSESSID session cookie does. It doesn't appear to be necessary for back-end use.


A session cookie is just that: a cookie that is valid only for the user session. They are stored in a temporary location on the user's browser and deleted when the browser is closed.

CMSMS (and many php based applications) uses a session cookie to contain the unique session identifier. Ours happens to be named CMSSESSIDxxxxxxxx where the number assigned is generated by some md5 stuff.

The value of the cookie (known as the session id) is generated upon the first visit of a user to a web page (first visit since they last opened their browser), and sent as a cookie to the client. That cookie is then re-transmitted back to the server on each subsequent request. That cookie contains only a simple randomly generated, unique string. There is no personal information of any sort stored in this cookie or transmitted over the ether.

The session id allows the server to store data relevant to the user (i.e: which month of the CGCalendar he is viewing, or the items in his cart, his login information etc.) and to retrieve it back, thereby bypassing some of the stateless properties of HTTP. We call this 'storing data in the session' or 'session data'.

Session data is automatically removed from the server after it has reached a period of inactivity (this is a php configuration variable). I.e: if the user browses away from your site, closes the window etc., the session data is cleared up after a while.

The CMSMS Admin section uses the session (as well as other cookies) in numerous places and to store and retrieve lots of different stateful data.

The frontend of the core does not use the session in any way (yet). However numerous important third party modules require sessions to be available, and assume that the session has already been 'setup' and is ready to use.

Some (not all) of the modules that require an active, and correctly configured session in order to behave properly on the frontend:
Captcha
FrontEndUsers
CGFeedback
Cart
Orders
CGEcommerceBase
PaypalGateway
Some of the modules that will not work properly without a correctly setup frontend session:
CGCalendar
CGSmartImage
CGSimpleSmarty
I have not checked every single module, nor do I intend to. I just did some simple searches through some of the modules that I had available on one of my hosts.

Therefore: Having a properly configured session on each request is important to CMSMS sites. I would also hazard a guess to say 'necessary' to a majority of them.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
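
The session mechanism described in the post above, as an added Node.js example that is not part of the original post and is not CMSMS or PHP code: the cookie carries only a random id, the data stays in a server-side store, and idle sessions are purged. The cookie name `EXAMPLESESSID`, the 24-minute idle limit and the `SessionStore` class are assumptions made for this illustration.

```javascript
// Added illustration (Node.js); not CMSMS source. All names here are hypothetical.
const crypto = require('node:crypto');

const COOKIE_NAME = 'EXAMPLESESSID';   // stands in for CMSSESSIDxxxxxxxx
const IDLE_LIMIT_MS = 24 * 60 * 1000;  // assumed idle timeout (24 minutes)

class SessionStore {
  constructor() { this.sessions = new Map(); } // id -> { data, lastSeen }

  // Extract our session id from a raw Cookie request header, if present.
  static idFromCookieHeader(header) {
    for (const part of (header || '').split(';')) {
      const [name, ...rest] = part.trim().split('=');
      if (name === COOKIE_NAME) return rest.join('=');
    }
    return null;
  }

  // Handle one request: reuse a live session or start a new one.
  // Returns the session data, plus a Set-Cookie value when a new id was issued.
  open(cookieHeader, now = Date.now()) {
    this.collectGarbage(now);
    const id = SessionStore.idFromCookieHeader(cookieHeader);
    const existing = id && this.sessions.get(id);
    if (existing) {
      existing.lastSeen = now;
      return { id, data: existing.data, setCookie: null };
    }
    // Unknown or expired id: never adopt a client-supplied value, mint a fresh one.
    const freshId = crypto.randomBytes(16).toString('hex');
    const data = {};
    this.sessions.set(freshId, { data, lastSeen: now });
    // No Expires/Max-Age, so the browser discards the cookie when it closes.
    const setCookie = `${COOKIE_NAME}=${freshId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
    return { id: freshId, data, setCookie };
  }

  // Drop server-side data for sessions idle longer than the limit.
  collectGarbage(now) {
    for (const [id, s] of this.sessions) {
      if (now - s.lastSeen > IDLE_LIMIT_MS) this.sessions.delete(id);
    }
  }
}
```

The cookie value is only a lookup key: the cart or login state lives in `sessions` on the server, which is why the post can say that no personal information travels in the cookie.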


 Post subject: Re: EU privacy cookie directive
Posted: Mon Apr 23, 2012 10:06 pm
Forum Members

Joined: Sun Sep 24, 2006 10:49 am
Posts: 77
Thanks for your comprehensive explanation Calguy.

Can you foresee any circumstances in which an opt-in function for cookies would be considered important for inclusion within the CMSMS core or as an extension? If evidence of legal proceedings begin to emerge, for example?


 Post subject: Re: EU privacy cookie directive
Posted: Tue Apr 24, 2012 1:55 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7629
Location: Fernie British Columbia, Canada
At this point we have no plans to change the way session cookies are used in CMSMS, for a number of reasons:

a: The definitions and guides wrt session cookies such as this seem to be 'in flux'. Even the ICO guidance has changed at least once since our initial reading.

b: Numerous people in the dev team (those who reside in the EU) are not worried about it. Including some that have consulted their lawyers and say that at this time there is nothing to worry about.

c: It would take quite a bit of work to properly disable the session cookie, but to have it start automatically when required (i.e: when logging in to the admin).

d: Disabling the session cookie would instantaneously break numerous modules. Module developers would then get numerous (and repeated) bug reports about module breakages due to no fault of their own. This is not fair to module developers, and personally I am not prepared to do that.

 Post subject: Re: EU privacy cookie directive
Posted: Tue Apr 24, 2012 4:48 pm
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 6807
Location: The Netherlands
I live in the Netherlands, so *IN* the EU.
Looked several times for Dutch web articles about this issue, but I have to say I couldn't find a real clear story about this. Most websites tell different things and all these websites were weblogs of good willing people or news sites, not any Government/Legal sites. But what they all have in common, it is about marketing and advertisement cookies. Not anonymous cookies used for the only purpose of letting a website "work".

Just now, I did another internet search and I found a Dutch "law proposal".
It is referring to the Dutch "Law of the Protection of Personal Data", the whole 2 pages PDF is talking about storing personal tracking data in cookies. Quote: "«third party» cookies used for «behavioral advertising»" In that case a visitor should give his or her explicit permission.

But for the use of cookies to let the website work properly it says (Mostly Google translate, so I hope I get the right scope of the story!!)
"When using websites, services and applications store data on the peripherals of the user or read data from the peripheral and these data can be used to the website or service to function properly. It separates paragraph 3 out for such a functionality of the consent requirement of paragraph 1 under
b. For other functionality, too Examples include so-called first party cookies that are used to the user or subscriber to recognize repeat visits to a website, it is usual consent requirement sufficient.
"

The law-proposal is also talking about "collecting personal data", a session cookie used for letting a website work doesn't do that!

As far as I understand all the legal stuff (I am not a lawyer and don't own a business), I am not that worried about the first party, non-personal session cookies CMSMS (modules) uses...

The article I am referring to - in Dutch - http://www.webanalisten.nl/wp-content/u ... ookies.pdf

Hope this helps, Rolf

_________________
Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return! [ Click here ]



 Post subject: Re: EU privacy cookie directive
Posted: Sun Apr 29, 2012 2:13 pm
Forum Members

Joined: Fri Sep 07, 2007 1:00 pm
Posts: 215
Location: Norfolk, England
Here in the UK after the 31st May there will be a fine of up to £500,000 if you are found to have a web site that does not comply with the EU Cookie Directive. I think it's unlikely to happen to many, but I don't want it to happen to my customers or be liable to my customers if there is a problem.

All the other leading CMS's already have add on modules to deal with this. Wordpress, Drupal, Joomla etc have all dealt with this.

I think we need a module that creates a small popup which states something like the following:

Quote:
This web site uses Cookies to function correctly (LINK: What is a Cookie?). No personally identifiable information is stored. Please click ACCEPT to proceed normally or REFUSE to continue on with limited functionality.


Just an idea, but this is what I've seen on other web sites. I don't have the knowledge or ability to create a module.


 Post subject: Re: EU privacy cookie directive
Posted: Sun Apr 29, 2012 3:50 pm
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 6807
Location: The Netherlands
The fact that other CMS's have (third party) add-on modules which add this warning message, will imho not say anything about the real need of this module.

Are the project websites of the other CMS's using these modules?
Are the websites of our EU governments using these kinds of modules?

Check i.e. http://www.number10.gov.uk
And visit this website http://europa.eu/ when selecting a language there is a cookie set and no warning... It is the website of the people that make this cookie law, isn't it? :)

But please people, do you have legal proof CMSMS *really* needs this kind of feature, send us this information! We will study it closely and if necessary take arrangements!

Let's stop this discussion until we have all the facts on the table!!

Rolf

 Post subject: Re: EU privacy cookie directive
Posted: Sun Apr 29, 2012 7:40 pm
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 6807
Location: The Netherlands
Just a nice addition to my previous post :)

HTTP://EUROPA.EU

About this website
http://europa.eu/abouteuropa/index_en.htm
Quote:
Europa.eu is the official website of the European Union.

Legal notices
http://europa.eu/geninfo/legal_notices_en.htm
Quote:
Cookies – storing information on your computer

What are cookies?

To make this site function properly, we sometimes place small data files on your computer, known as cookies.

Most big websites or internet service providers do this too. Cookies help the site remember your settings – language, font size and other preferences for how you want to view the site on your computer - so you don’t have to keep re-entering them whenever you come back to us.

Also, a number of pages on EUROPA show a survey box that asks you if the content was helpful or not. We store a cookie for this too, so we know not to show the box again once you've responded.

Our cookies are not used to identify you personally. They’re just there to make the site work better for you.

How you can control cookies

You can control and/or delete cookies as you wish – for details, see AboutCookies.org.

You can delete all the cookies already on your computer and you can set most browsers to block them being placed. But if you do this, you may have to manually adjust some preferences every time you visit the site.

The Commission does not use cookies for any other purpose than those presented here and does not use them to collect any personal data for any other purpose.

 Post subject: Re: EU privacy cookie directive
Posted: Sun Apr 29, 2012 8:05 pm
Dev Team Member

Joined: Mon Jan 29, 2007 4:47 pm
Posts: 1550
Hah! I was just about to post something similar and gave up since I didn't want to stir things more. :D
Great posts, both of them, Rolf!

_________________
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).


CMSMS Docs | Before Asking For Help!
My developer Page on the Forge | Yet another blog about CMSMS

GeekMoot 2016 in Leicester, UK!



 Post subject: Re: EU privacy cookie directive
Posted: Thu May 10, 2012 4:04 pm
Forum Members

Joined: Fri Sep 07, 2007 1:00 pm
Posts: 215
Location: Norfolk, England
Well, all I can say is that the opportunity was there to do something but some decided to do nothing.

Those who are proactive will inevitably prosper. Those that think nothing needs to change will...

The cookie issue even made the BBC TV news here in the UK today. I just hope it won't be a CMSMS web site that gets the first £500,000 (€600,000) fine.


 Post subject: Re: EU privacy cookie directive
Posted: Fri May 18, 2012 10:28 am
New Member

Joined: Fri May 18, 2012 10:25 am
Posts: 1
I find this all rather bizarre - this forum has clearly shown that the law is ambiguous so why take chances?

Also, CMSMS users are clearly asking for support in this matter, so why isn't it being provided? Even if there is an argument that pop-ups and what-not are strictly necessary, the law is ambiguous and people are asking for it...

Am I missing something?


 Post subject: Re: EU privacy cookie directive
Posted: Fri May 18, 2012 1:52 pm
Forum Members

Joined: Fri Sep 07, 2007 1:00 pm
Posts: 215
Location: Norfolk, England
No, you haven't missed something, you've experienced the same unsupportive apathy that I experienced.

The session cookies appear to be classed as "Strictly essential" and thus could be excluded from the new Law. But if you are using any tracking cookies such as Analytics then you will need consent.

I've found numerous third party solutions to this where they place the GA code in some form of Javascript statement and the contents are only parsed if the user consents via popup box or similar notification.

It would be great if someone could come up with a module that performed this (it's outside my knowledge).
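
The consent-gated analytics loading mentioned in the post above, as an added JavaScript example that is not part of the original post and is not an existing CMSMS module. The cookie name `cookie_consent`, the one-year lifetime, the analytics URL and the banner element ids are assumptions; the session cookie is left alone because the thread treats it as strictly essential.

```javascript
// Added illustration; cookie name, URL and element ids are hypothetical.
const CONSENT_COOKIE = 'cookie_consent';
const ANALYTICS_SRC = 'https://analytics.example/tracker.js';

// Read one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Remember the visitor's choice for one year (assumed lifetime). The value is
// a plain preference flag and contains no identifier.
function recordDecision(doc, accepted) {
  const value = accepted ? 'accepted' : 'refused';
  doc.cookie = `${CONSENT_COOKIE}=${value}; Max-Age=31536000; Path=/; SameSite=Lax`;
  return value;
}

// Inject the tracking script only after an explicit "accepted" decision.
// With no decision yet, or "refused", the script is never requested.
function loadAnalyticsIfConsented(doc) {
  if (readCookie(doc.cookie, CONSENT_COOKIE) !== 'accepted') return false;
  if (doc.querySelector(`script[src="${ANALYTICS_SRC}"]`)) return true; // already loaded
  const script = doc.createElement('script');
  script.src = ANALYTICS_SRC;
  script.async = true;
  doc.head.appendChild(script);
  return true;
}

// Wire up the ACCEPT / REFUSE buttons of the banner.
function initConsentBanner(doc) {
  const banner = doc.getElementById('cookie-banner');
  if (readCookie(doc.cookie, CONSENT_COOKIE) !== null) {
    banner.hidden = true; // decision was made on an earlier visit
    return loadAnalyticsIfConsented(doc);
  }
  const decide = (accepted) => () => {
    recordDecision(doc, accepted);
    banner.hidden = true;
    loadAnalyticsIfConsented(doc);
  };
  doc.getElementById('cookie-accept').addEventListener('click', decide(true));
  doc.getElementById('cookie-refuse').addEventListener('click', decide(false));
  return false;
}

// In a browser, start once the banner markup exists; skipped outside a browser.
if (typeof document !== 'undefined') initConsentBanner(document);
```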


 Post subject: Re: EU privacy cookie directive
Posted: Fri May 18, 2012 3:53 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7629
Location: Fernie British Columbia, Canada
Quote:
All the other leading CMS's already have add on modules to deal with this. Wordpress, Drupal, Joomla etc have all dealt with this.

Yes, they have independently contributed third party addons. I've seen them for wordpress anyways.

Quote:
I think we need a module that creates a small popup which states something like the following:


Yes, any community member(s) could write one (or more) add on modules to deal with this. And the dev team will provide as much technical assistance as is possible. Only the regular development rules and forge rules apply.

 Post subject: Re: EU privacy cookie directive
Posted: Thu May 24, 2012 8:33 am
Dev Team Member

Joined: Tue Feb 14, 2006 9:56 pm
Posts: 262
Guys - if you're in the UK, take a look at this. It will tell you fairly comprehensively what to do.

http://www.international-chamber.co.uk/ ... _guide.pdf

FYI I simply made sure that I informed all my customers of their responsibilities. Those that choose to ignore that are aware they are doing so themselves.

Then for any CMSMS sites that want it, I'm using something like what I have done at the following website - http://www.linkcareuk.net/faac-site/faac-home.html


 Post subject: Re: EU privacy cookie directive
Posted: Thu May 24, 2012 5:57 pm
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 6807
Location: The Netherlands
Thanks for the reply, Scotch33

I came across another website with a "cookie-button". Look in the footer of this page http://www.visitnaestved.com/internatio ... orside.htm

grtz. Rolf

 Post subject: Re: EU privacy cookie directive
Posted: Thu May 24, 2012 6:27 pm
Dev Team Member

Joined: Tue Feb 14, 2006 9:56 pm
Posts: 262
And the BBC have just got their site sorted with a slightly more intrusive example. www.bbc.co.uk

