extreme84 Posted April 4, 2013 Share Posted April 4, 2013 Because of recent changes in UE Law about cookies policy, administrators of webpages are obliged to inform about cookies used on the page. As I see every webpage based on processwire CMS use one cookie named "wire" (I understand that it is necessary to log in to admin panel). But I think it is not necessery for guest users of the site. Is there any possibility to turn off setting this cookie for guest users? Link to comment Share on other sites More sharing options...
Martijn Geerts Posted April 4, 2013 Share Posted April 4, 2013 For the Dutch law: For techincal needed cookes ( shopping baskets, loggin forms etc ) you don't need to give cookie permission. Link to comment Share on other sites More sharing options...
SiNNuT Posted April 4, 2013 Share Posted April 4, 2013 Bah, this EU Cookie directive and corresponding implementations in national laws are an abomination. I honestly think it has done more harm than good. Annoying the hell out of people leading to blindly accept any popup that mentions the word cookie. 1 Link to comment Share on other sites More sharing options...
pwired Posted April 4, 2013 Share Posted April 4, 2013 The whole cookie thing has become flawed and exploited against site visitors. The law says that a visitor has to be offered a clear explanation and a choice: for what purpose the cookies are going to be used and 1. accept cookies or 2. not accept cookies. Now, If a visitor chooses not to accept cookies he should have access to the site but without cookies. But in reality almost all sites come up with a cookie wall with no way around it: either accept cookies or don't get access to the website. Heck, in reality with a cookie they are writing something to your harddisk ! Remember that statement from Big Data in the old days ? If you don't have anything to hide, you have nothing to worry about ? We'll Funk That ! The real question is: what are others going to do with my private data ? We can read everyday on the internet what is happening with our private data. It gets sold for profit, lost on the street, stolen for identity theft and cross compared with other databases. And above all my collected private data gets outdated out there, without me having access to my own private data so that I can at least update it. Know what I'm saying here ? And what about those super cookies such as flash, pixel hack and eTags ? After you visit their website, they follow you where ever you go on the net ! With super cookies I don't see the difference anymore between advertising/technical purposes for their website and spying. Link to comment Share on other sites More sharing options...
teppo Posted April 4, 2013 Share Posted April 4, 2013 As far as I'm aware (and since I'm not a lawyer or expert on this subject this may be completely wrong) Finnish law generally considers the fact that user hasn't turned cookies off via browser settings an "OK" for a site to use them. It's still strongly recommended for sites to give visitors information about how and what for cookies are used AND only use them when necessary. Haven't heard of any court decisions about this yet, though.. @extreme84: wire cookie is used to identify each section, in case that something session-specific should be stored. As far as I know, this is also required in order to find out if user has already logged in, which pretty much makes it a necessity. If there's currently an option to stop PW from setting up sessions for guests / non-admin URLs, I'm not aware of it. Minor technical note: session cookies can actually be toggled off via PHP settings, but that's generally not recommended as it would cause PHP to send session ID's as GET params (not sure if POST is also possible, but that wouldn't really change much here) which would in turn result in various security risks, so.. don't do it Link to comment Share on other sites More sharing options...
diogo Posted April 4, 2013 Share Posted April 4, 2013 I really don't get these laws... they assume that everyone is dumb and remove all the responsibility from the users. For me, as a user (I'm not even talking as a developer) it's quite irritating to have all those popups and bars bout cookies, and I agree with sinnut that this will only make people ignore them at a point where I can put a popup in my website saying "do you agree to sell me your soul for a pack of cookies?" and everyone will say yes. For me the ideal would be that websites would be forced to have a "cookies policy" statement on the footer or something, where someone that is interested would know where to find it. Or to agree on a meta tag, that browsers would choose how to show people, for instance chrome already shows info about cookies if you press on the left of the url bar, the info on that meta tag could go there. Link to comment Share on other sites More sharing options...
extreme84 Posted April 7, 2013 Author Share Posted April 7, 2013 As I've read, the UE Law allows cookies to be exempted from the requirement of informed consent, if they satisfy one of the following criteria: CRITERION A: the cookie is used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network”. CRITERION B: the cookie is “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. Do you think that "wire" cookie satisfy this? Link to comment Share on other sites More sharing options...
ryan Posted April 7, 2013 Share Posted April 7, 2013 Do you think that "wire" cookie satisfy this? If I'm reading it right, it seems to meet both criterion A and B. It is currently required by the system for "transmission of communication". And it is "strictly necessary" in order for the system to function. If I can find a way to make it optional, I will. But for the time being, it is required by the system. Link to comment Share on other sites More sharing options...
diogo Posted April 7, 2013 Share Posted April 7, 2013 I think it doesn't meet the criterion B because of this part "service explicitly requested by the subscriber or user to provide the service". But it's enough to conform with A, so everything is fine. Link to comment Share on other sites More sharing options...
ryan Posted April 7, 2013 Share Posted April 7, 2013 service explicitly requested by the subscriber or user to provide the service Doesn't this literally describe a web request? Link to comment Share on other sites More sharing options...
diogo Posted April 7, 2013 Share Posted April 7, 2013 You can read it that way, but in that case all cookies would conform to it. I don't think that was the intention of the legislator. Link to comment Share on other sites More sharing options...
ryan Posted April 7, 2013 Share Posted April 7, 2013 You can read it that way, but in that case all cookies would conform to it. I don't think that was the intention of the legislator. No doubt. But pretty hilarious that they would use the same language that would be used to describe a web request, at least from a systems standpoint. 1 Link to comment Share on other sites More sharing options...
daniels Posted April 23, 2018 Share Posted April 23, 2018 Sorry for rewarming this old beauty, but it was the closest answer to what I'm looking for by forum search and google. For my privacy policy and cookie information, I currently create a list of all cookies that are used by a PW-site. I'd like to provide my users an easy to understand but still informative idea of what the cookies are for. Here is an example: __utmb: Cookie by Google-Analytics that contains a timestamp of a users first visit. Together with __utmc, it can provide information about the time, a user spent on a page. Lifespan: until the end of a session For the wire cookie, I currently have: wire: Necessary cookie by ProcessWire, the CMS-system of the website. It stores and identifies a user session. Lifespan: one year Is this correct and/or can you maybe give me a hint of what I could write here, so a user gets an idea about the necessity? Thank you so much! Link to comment Share on other sites More sharing options...
LostKobrakai Posted April 23, 2018 Share Posted April 23, 2018 If you don't need sessions on your frontend you can disable them. Otherwise this seems fine. Link to comment Share on other sites More sharing options...
projekteins Posted April 23, 2018 Share Posted April 23, 2018 1 hour ago, LostKobrakai said: If you don't need sessions on your frontend you can disable them. Otherwise this seems fine. Yeah we'd like to. But I'm getting ryan's response as the wire cookie is needed by the system and cannot be disabled at this point? Link to comment Share on other sites More sharing options...
LostKobrakai Posted April 23, 2018 Share Posted April 23, 2018 This thread is literally years old. See here for the options regarding disabling the session: https://processwire.com/blog/posts/multi-instance-pw3/#more-session-control 4 Link to comment Share on other sites More sharing options...
daniels Posted April 24, 2018 Share Posted April 24, 2018 Oh, that is cool. Thank you for help and clarification @LostKobrakai Link to comment Share on other sites More sharing options...
tires Posted April 25, 2018 Share Posted April 25, 2018 I am dealing with this privacy policy stuff as well. I got two questions concerning the cookie sessions: Is there any disadvantage to disable cookies for ordinary web users (in the way it is described here: https://processwire.com/blog/posts/multi-instance-pw3/#more-session-control)??? Is this config->sessionAllow function only works for 2.8 and higher? Link to comment Share on other sites More sharing options...
wbmnfktr Posted April 25, 2018 Share Posted April 25, 2018 2 hours ago, tires said: Is there any disadvantage to disable cookies for ordinary web users (in the way it is described here: https://processwire.com/blog/posts/multi-instance-pw3/#more-session-control)??? I'm using this on 3 sites and by now there weren't any glitches, errors or strange things happening on the frontend. All sites are PW 3.x (mostly the latest Master or Dev releases). 1 Link to comment Share on other sites More sharing options...
tires Posted April 25, 2018 Share Posted April 25, 2018 Thanks a lot!!! I will try it out! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now