• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 50 posts ]  Go to page 1, 2, 3, 4  Next
Author Message
 Post subject: EU privacy cookie directive
PostPosted: Thu Feb 09, 2012 7:17 am 
Offline
Forum Members
Forum Members

Joined: Wed Jun 20, 2007 5:40 pm
Posts: 85
Hi All,

Is it at all possible to prevent CMSMS using a session cookie so that the script may be compliant with the new UK cookie laws?

Perhaps a flag in the config file to allow us to switch on/off the session cookie (I dont mean the backend one)

http://www.ico.gov.uk/news/blog/2011/ha ... iance.aspx


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Thu Feb 09, 2012 8:00 am 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7591
Location: The Netherlands
Only the backend of cmsms uses session (cookies).
The frontend is not. Add-on modules might, but the core isn't.

grtz. Rolf

_________________
Image

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return! [ Click here ]



Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Thu Feb 09, 2012 8:48 am 
Offline
Forum Members
Forum Members

Joined: Fri Mar 04, 2011 2:40 pm
Posts: 59
It does...
at least I have a cookie like so: CMSSESSID15bbf057.....
Recent version of CMSms, standard installation without any additional modules.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Thu Feb 09, 2012 9:23 pm 
Offline
Forum Members
Forum Members

Joined: Wed Jun 20, 2007 5:40 pm
Posts: 85
Its not from the backend. Go to http://www.cmsmadesimple.org/ and delete all your cookies related to that page (Firefox > Tools > Page Info > Security > View Cookies).

Refresh the page

You'll most likely see 5 cookies, 1 called CMSSESSID<number> and 4 for GA.

As I dont have access to the cmsmadesimple.org backend, why would CMSMS be placing a cookie called CMSSESSID unless of course there is a module doing this? Try it out on a clean install of CMSMS and see what happens. Try going to http://www.opensourcecms.com and doing the same on the CMSMS demo

Regardless of whether this is a session based or permanent cookie, it still requires consent, hence the question.

You know what, I might be wrong, but I don't know as my coding skills aren't great and I didn't code CMSMS. If I am wrong then I will hold my hand up, apologise to everyone and get on with it.

What I do know is that CMSSESSID shows up when viewing cookies in Firefox and new UK law requires website owners to obtain consent to place cookies on a users terminal.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 8:27 am 
Offline
Forum Members
Forum Members

Joined: Fri Mar 04, 2011 2:40 pm
Posts: 59
@Dr.CSS
sorry to disagree.

I clear all the cookies in Firefox.
I then open a frontend page.
The cookie is set again.

Cookies are activated in /include.php as far as I understand.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 9:24 am 
Offline
Power Poster
Power Poster

Joined: Wed Mar 19, 2008 4:54 pm
Posts: 1050
Did you read the updated version of the advice? http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx

session cookies aren't a problem, they even advice to use session cookies
Quote:
ou should also consider whether users who might make a one-off visit to your site would have a persistent cookie set on their device. If this is the case, you could mitigate any risk that they would object to this by shortening the lifespan of these cookies or, where possible given the purpose for using them, making them session cookies.


also read on page 8, Exceptions from the requirement to provide information and obtain consent, and on page 10, Activities likely to fall within the exception .


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 3:45 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7591
Location: The Netherlands
I asked Calguy1000: core CMSMS does use session cookies in the frontend! I was wrong here, didn't know that...

But before this was implemented CG did some extensive research in this EU law. He found the quote from Staartmees above and some other pages on this subject.
There is absolutely nothing wrong with the use of session cookies, particularly when that session cookie only contains a single string that does not contain any personal information.
So CMSMS is completly legal to use in the EU.

Hope this answers your question.

Rolf

_________________
Image

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return! [ Click here ]



Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 4:24 pm 
Offline
Forum Members
Forum Members

Joined: Fri Mar 04, 2011 2:40 pm
Posts: 59
@Rolf
Thank you.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 4:31 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7966
Location: Fernie British Columbia, Canada
actually, this is slightly incorrect. CMSMS has ALWAYS used session cookies. And we have no plans to change the behavior.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Feb 10, 2012 4:41 pm 
Offline
Administrator
Administrator
User avatar

Joined: Thu Mar 09, 2006 5:32 am
Posts: 12640
Location: Arizona
I was wrong, I apologize...

_________________
Check ver. CMSMS, PHP, server OS, in System Information page.
Default content http://multiintech.com/defaultcontent/
People are Wonderful
Business is Great
Life is Terrific
Ever wonder what happened to the Album module? Well it is alive and well.
http://album.multiintech.com/
Image


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Mon Mar 05, 2012 10:15 am 
Offline
Forum Members
Forum Members
User avatar

Joined: Thu May 21, 2009 1:39 pm
Posts: 10
According to the ICO, regardless of what the cookie is, we will need to tell people what cookie is being run and what the use of it is. My question is, exactly what does the session cookie do as we will need to add this to our Privacy Policy to all exisiting CMSMS websites?

Thanks

Mark


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Apr 20, 2012 8:02 am 
Offline
Forum Members
Forum Members

Joined: Sun Sep 24, 2006 10:49 am
Posts: 77
Rolf wrote:
There is absolutely nothing wrong with the use of session cookies, particularly when that session cookie only contains a single string that does not contain any personal information.
So CMSMS is completly legal to use in the EU.

The question is not whether the setting of certain cookies makes CMSMS "legal" or not, and the above could be misunderstood as meaning that no action need be taken in order to comply with the new law.

The following extract from the guidance document clearly states that the Regulations apply to to both session and persistant cookies, compliance requires seeking the visitors permission to set the session cookie.

Quote:
Session and persistent cookies
Cookies can expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer. The Regulations apply to both types of cookies

So, can the session cookie be removed from the front end?

If not, any suggestions for how to implement an opt-in for CMSMS sites?


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Fri Apr 20, 2012 7:41 pm 
Offline
Forum Members
Forum Members

Joined: Sun Sep 24, 2006 10:49 am
Posts: 77
Thanks for your reply, winkelman.

Can you tell me how to configure CMSMS to prevent the cookie from being set?

EDIT: as you've since deleted your post, I guess not.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Sun Apr 22, 2012 7:44 pm 
Offline
Forum Members
Forum Members
User avatar

Joined: Fri Sep 07, 2007 1:00 pm
Posts: 215
Location: Norfolk, England
I too would like to know how to implement some form of cookie consent system for cmsms.

The info I have read says that all cookies must require consent. But then says session cookies that do not contain personal data and are removed when the browser closes may be exempt. So it seems to contradict.

If we do need consent for ALL cookies, then this needs addressing pretty quick otherwise the cmsms base in the EU is going to look elsewhere (and when at the Geekmoot a few weeks ago, the EU countries is where the largest user base is!)


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: EU privacy cookie directive
PostPosted: Mon Apr 23, 2012 8:50 pm 
Offline
Forum Members
Forum Members

Joined: Sun Sep 24, 2006 10:49 am
Posts: 77
Realistically, if any legal action is taken it will be preceded by a request for a statement of intent i.e. what action the offender intends to take in order to comply, and the time scale. Therefore, as immediate penalties are not threatened, the vast majority of sites will probably do nothing until it becomes imperative.

But that does not mean we should do nothing.

Short of complete compliance, a sensible course of action is to:

1. Audit the cookies on your sites and provide details of their purpose and behaviour in your Privacy Policy information page.

2. Make links to Privacy Policies more prominent i.e. at the top of the page.

3. Include mention of cookies in link, either a direct link to the information or add to Privacy link e.g. "Privacy and Cookies".

Even so, I'd still be interested in how to prevent the CMSMS session cookie being set.

And, has been requested above, can we please have an explanation of what the CMSSESSID session cookie does. It doesn't appear to be necessary for back-end use.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 50 posts ]  Go to page 1, 2, 3, 4  Next

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
A2 Hosting