extreme84

New EU law for privacy policy (cookies)

Because of recent changes in EU law about cookie policy, administrators of webpages are obliged to inform about cookies used on the page. As I see, every webpage based on ProcessWire CMS uses one cookie named "wire" (I understand that it is necessary to log in to the admin panel). But I think it is not necessary for guest users of the site. Is there any possibility to turn off setting this cookie for guest users?


For the Dutch law:

For technically needed cookies (shopping baskets, login forms etc.) you don't need to give cookie permission.


Bah, this EU Cookie directive and corresponding implementations in national laws are an abomination. I honestly think it has done more harm than good. Annoying the hell out of people, leading them to blindly accept any popup that mentions the word cookie.


The whole cookie thing has become flawed and exploited against site visitors. The law says that a visitor has to be offered a clear explanation and a choice: for what purpose the cookies are going to be used and 1. accept cookies or 2. not accept cookies. Now, if a visitor chooses not to accept cookies he should have access to the site but without cookies.

But in reality almost all sites come up with a cookie wall with no way around it: either accept cookies or don't get access to the website.

Heck, in reality with a cookie they are writing something to your hard disk! Remember that statement from Big Data in the old days? If you don't have anything to hide, you have nothing to worry about? Well, Funk That!

The real question is: what are others going to do with my private data? We can read every day on the internet what is happening with our private data. It gets sold for profit, lost on the street, stolen for identity theft and cross compared with other databases. And above all my collected private data gets outdated out there, without me having access to my own private data so that I can at least update it. Know what I'm saying here? And what about those super cookies such as Flash, pixel hack and ETags? After you visit their website, they follow you wherever you go on the net! With super cookies I don't see the difference anymore between advertising/technical purposes for their website and spying.


As far as I'm aware (and since I'm not a lawyer or expert on this subject this may be completely wrong) Finnish law generally considers the fact that a user hasn't turned cookies off via browser settings an "OK" for a site to use them. It's still strongly recommended for sites to give visitors information about how and what for cookies are used AND only use them when necessary. Haven't heard of any court decisions about this yet, though..

@extreme84: wire cookie is used to identify each section, in case that something session-specific should be stored. As far as I know, this is also required in order to find out if user has already logged in, which pretty much makes it a necessity. If there's currently an option to stop PW from setting up sessions for guests / non-admin URLs, I'm not aware of it.

Minor technical note: session cookies can actually be toggled off via PHP settings, but that's generally not recommended as it would cause PHP to send session IDs as GET params (not sure if POST is also possible, but that wouldn't really change much here) which would in turn result in various security risks, so.. don't do it :)

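The PHP settings mentioned in the post above can be checked with a short script. This is an added example, not code from the thread or from ProcessWire; `auditSessionTransport()` and the sample arrays are constructed for illustration, while the three `session.*` directives are standard PHP ini settings.

```php
<?php
// Added example: report how a PHP configuration transports the session ID.
// auditSessionTransport() and the sample arrays are constructed for illustration.

function auditSessionTransport(array $ini): array
{
    // ini values arrive as strings ("1", "0", "On", ""); normalise to bool.
    $on = static fn(string $key): bool =>
        filter_var($ini[$key] ?? false, FILTER_VALIDATE_BOOLEAN);

    $findings = [];
    if (!$on('session.use_cookies')) {
        $findings[] = 'use_cookies off: no session cookie is sent to the browser';
    }
    if (!$on('session.use_only_cookies')) {
        $findings[] = 'use_only_cookies off: a session ID in the URL is accepted (fixation risk)';
    }
    if ($on('session.use_trans_sid')) {
        $findings[] = 'use_trans_sid on: the session ID is appended to links (leaks via Referer, logs, shared URLs)';
    }
    return $findings;
}

$keys = ['session.use_cookies', 'session.use_only_cookies', 'session.use_trans_sid'];

$samples = [
    // Constructed: cookies disabled, ID moved into the URL.
    'cookies turned off' => array_combine($keys, ['0', '0', '1']),
    // Constructed: cookie-only transport.
    'cookie only'        => array_combine($keys, ['1', '1', '0']),
    // The configuration this script is actually running under.
    'this server'        => array_combine($keys, array_map('ini_get', $keys)),
];

foreach ($samples as $label => $ini) {
    $findings = auditSessionTransport($ini);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'session ID travels in the cookie only', PHP_EOL;
}
```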

I really don't get these laws... they assume that everyone is dumb and remove all the responsibility from the users. For me, as a user (I'm not even talking as a developer) it's quite irritating to have all those popups and bars about cookies, and I agree with sinnut that this will only make people ignore them at a point where I can put a popup in my website saying "do you agree to sell me your soul for a pack of cookies?" and everyone will say yes.

For me the ideal would be that websites would be forced to have a "cookies policy" statement on the footer or something, where someone that is interested would know where to find it. Or to agree on a meta tag, that browsers would choose how to show people, for instance Chrome already shows info about cookies if you press on the left of the URL bar, the info on that meta tag could go there.


As I've read, the EU law allows cookies to be exempted from the requirement of informed consent if they satisfy one of the following criteria:

CRITERION A: the cookie is used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network”.

CRITERION B: the cookie is “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”.

Do you think that "wire" cookie satisfy this?

Do you think that "wire" cookie satisfy this?

If I'm reading it right, it seems to meet both criterion A and B. It is currently required by the system for "transmission of communication". And it is "strictly necessary" in order for the system to function. If I can find a way to make it optional, I will. But for the time being, it is required by the system.


I think it doesn't meet the criterion B because of this part "service explicitly requested by the subscriber or user to provide the service". But it's enough to conform with A, so everything is fine.

service explicitly requested by the subscriber or user to provide the service

Doesn't this literally describe a web request? 


You can read it that way, but in that case all cookies would conform to it. I don't think that was the intention of the legislator.

You can read it that way, but in that case all cookies would conform to it. I don't think that was the intention of the legislator.

No doubt. But pretty hilarious that they would use the same language that would be used to describe a web request, at least from a systems standpoint. :)


Sorry for rewarming this old beauty, but it was the closest answer to what I'm looking for by forum search and Google.

For my privacy policy and cookie information, I currently create a list of all cookies that are used by a PW-site. I'd like to provide my users an easy to understand but still informative idea of what the cookies are for.

Here is an example:

__utmb: Cookie by Google-Analytics that contains a timestamp of a user's first visit. Together with __utmc, it can provide information about the time a user spent on a page. Lifespan: until the end of a session

For the wire cookie, I currently have:

wire: Necessary cookie by ProcessWire, the CMS-system of the website. It stores and identifies a user session. Lifespan: one year

Is this correct and/or can you maybe give me a hint of what I could write here, so a user gets an idea about the necessity?

Thank you so much!


If you don't need sessions on your frontend you can disable them. Otherwise this seems fine. 

1 hour ago, LostKobrakai said:

If you don't need sessions on your frontend you can disable them. Otherwise this seems fine. 

Yeah, we'd like to. But I'm getting Ryan's response as the wire cookie is needed by the system and cannot be disabled at this point?

2 hours ago, tires said:

Is there any disadvantage to disable cookies for ordinary web users (in the way it is described here: https://processwire.com/blog/posts/multi-instance-pw3/#more-session-control)???

I'm using this on 3 sites and by now there weren't any glitches, errors or strange things happening on the frontend. All sites are PW 3.x (mostly the latest Master or Dev releases).

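The session control linked in the last post is set in `site/config.php` on ProcessWire 3.x through `$config->sessionAllow`. As an added example (not code from this thread or from the ProcessWire project), the callback below starts a session only for the admin and for front-end paths that need one, which answers the original question about guests; the admin path `/processwire/` and the `/login/` and `/contact/` paths are assumptions for illustration.

```php
<?php namespace ProcessWire;
// site/config.php (excerpt), added example.
// Assumptions: the admin lives at /processwire/; /login/ and /contact/ are
// hypothetical front-end paths that need a session (login state, CSRF token).

$sessionPaths = ['/processwire/', '/login/', '/contact/'];

$config->sessionAllow = function ($session) use ($sessionPaths) {
    // A visitor who already holds the session cookie keeps the session.
    if ($session->hasCookie()) return true;

    // Compare only the path part of the request, never the query string.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    foreach ($sessionPaths as $prefix) {
        if (strpos($path, $prefix) === 0) return true;
    }

    // Everyone else: no session is started, so no "wire" cookie is set.
    return false;
};
```

Any template that relies on `$session` for guests (front-end forms with CSRF tokens, baskets, notices) has to sit under one of the allowed paths, otherwise it silently loses its state.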