The Joomla! Forum ™



Forum rules


Global Rules
Posting guidelines for this board <-- please read before posting.

Joomla Idea Pool <-- Add your suggestions for future versions of Joomla and vote on current suggestions.



Post new topic Reply to topic  [ 254 posts ]  Go to page 1, 2, 3, 4, 5 ... 9  Next
Author Message
PostPosted: Wed Apr 04, 2012 12:15 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
Hi Guys,

This topic has come about from a discussion on a different thread.
Please look at this discussion regarding the European Electronic Communications Framework

I'm currently looking at what needs to be done in Joomla to allow for compliance with the European Electronic Communications Framework that has to be implemented by 26th May 2012 in the UK.This is of great concern since it can affect everyone with a potential fine of up to £500,000 for a serious breach.
Quote:
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.

The two exceptions to this rule are:
Quote:
•for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
•where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

The Information Commissioner's Office have released guidance for anyone interested:
ICO Cookie Guidance

I will be trying to do as much work as I can on this and welcome any ideas or help from other people since I can only do this around my forced labour to pay the bills.

Abstract:
Currently Joomla makes use of session variables and cookies in various ways in it's core distribution. All session variables and cookies have to be identified and the end user be given the ability to opt-in to use these session variables and/or cookies before any session variable or cookie is set on the client machine or server.To this end Joomla needs to have the ability to work without session variables and cookies being set until the end user has given their consent.


Last edited by satingoth on Wed Apr 04, 2012 3:49 pm, edited 3 times in total.

Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 12:19 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
Files that are using either .cookie(Javascript), $_SESSION(PHP), and/or $_COOKIE(PHP)

Joomla 2.5.4:

$_SESSION and/or $_COOKIE (PHP)
\libraries\joomla\application\input\cookie.php
\libraries\joomla\environment\request.php
\libraries\joomla\session\session.php
\plugins\system\debug\debug.php

.cookie (JS)
\media\editors\tinymce\jscript\tiny_mce\tiny_mce.js
\media\editors\tinymce\jscript\tiny_mce\plugins\paste\editor_plugin.js
\media\editors\tinymce\jscript\tiny_mce\themes\advanced\editor_template.js
\media\system\js\mootools-core-uncompressed.js
\media\system\js\mootools-core.js
\media\system\js\mootools-more-uncompressed.js
\media\system\js\mootools-more.js
\media\system\js\swf-uncompressed.js
\media\system\js\swf.js
\media\system\js\switcher-uncompressed.js
\media\system\js\switcher.js
\media\system\languagefilter\languagefilter.php
\media\system\logout\logout.php


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 12:37 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
My initial plan is to identify what bits we can leave well alone.

I am thinking that if we have a disclaimer bit saying that by logging in you agree to cookies being used then we can ignore things like the editors as they will have given their consent. Similarily consent only has to be given for setting a cookie, not reading a cookie so as long as the coding doesn't break when it doesn't find a cookie it's looking for then hopefully we can minimise any changes that need to be made to the programming.


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 12:49 pm 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12440
Location: The Girly Side of Joomla in Sussex
a previous discussion on this took place at forum.joomla.org/viewtopic.php?f=428&t=549868

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 12:49 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
Session cookies are probably needed so Joomla files can communicate with the database
Language cookies so menus can be seen in the language of the visitor(although it can be set to 'Registered' view/access level).
The other cookies that you mention appear to be:
  • Template related, a lot of 'framework' Templates ( a lot of user think those type of Templates unnecessary)
  • 3rd party extensions.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 1:01 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
satingoth wrote:
My initial plan is to identify what bits we can leave well alone.

I am thinking that if we have a disclaimer bit saying that by logging in you agree to cookies being used then we can ignore things like the editors as they will have given their consent. Similarily consent only has to be given for setting a cookie, not reading a cookie so as long as the coding doesn't break when it doesn't find a cookie it's looking for then hopefully we can minimise any changes that need to be made to the programming.
Have a look at http://extensions.joomla.org/extensions ... tion/17625

It is basically a login to a special Access/View level. Feel free to enhance it if you wish. The install script needs to identify the ID it is installed at(differs depending on access/veiw levels added previously). Then that id used to cross reference to the user ID(differs depending on user(s) added previously).

Such modifications would prevent the need for manual configuration and help the uninstall script uninstall completely.

I know how to use the if sql statements but not how to parse the variables in the Joomla install script. Putting the code correctly in the install script is essential for 'sanitising' it. Google has it's own way of escaping the put/get to/from the database. 'Sanitising' prevents sql injection.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 4:44 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
Well so far I've tested the necessity of the session cookie on Joomla 1.7.3, 2.5.1, 2.5.4 (Vanilla Build) and when it is completely blocked it doesn't break the site however you can't get past any login dialogue but as soon as you allow cookies again you can get past the login dialogue.

For the most part this suggests that we will be able to look at a method that allows blocking of the session variable without it breaking a site, however this will have to be tested further to see exactly how this session variable is then used throughout the code.


Top
 Profile  
 
PostPosted: Wed Apr 04, 2012 5:04 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
satingoth wrote:
Well so far I've tested the necessity of the session cookie on Joomla 1.7.3, 2.5.1, 2.5.4 (Vanilla Build) and when it is completely blocked it doesn't break the site...
But perhaps it is not meant to make the site work. Perhaps the session cookie is to secure the communication between Joomla files and the database. Without the session cookie the site may not be secure ?

Nearly every PHP application uses sessions. This article takes a detailed look at implementing a secure session management mechanism with PHP
...
It is a common misconception that PHP provides a certain level of security with its native session management features. On the contrary, PHP simply provides a convenient mechanism. It is up to the developer to provide the complete solution

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 7:46 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
Quote:
Nearly every PHP application uses sessions. This article takes a detailed look at implementing a secure session management mechanism with PHP

Thanks for that link Webdongle, I agree fully as most html browsers (if not all) are stateless and we need it to uniquely identify the user and hence provide a level of security.

What I am thinking of is that before a person logs in to either front end or back end we shouldn't need a secure session as this should just be browsing so we can then use a little tick box with any login dialogue that says 'tick here to opt in to allowing cookies' and a link to the privacy or something and just not let them log in unless they accept cookies.

All this is going on the premise that we can justify the use of cookies for any person wanting to access the 'registered user' areas of the website whereas it doesn't use cookies for people who are just browsing the 'public' areas. That would allow us to tell them they need to opt-in to use cookies and hopefully satisfy those lovely people at ICO.


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 10:29 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
satingoth wrote:
Quote:
...
What I am thinking of is that before a person logs in to either front end or back end we shouldn't need a secure session as this should just be browsing ...

But that is my point. If the session cookie is not set then it allows the visiting Browser(or other software) to by pass the normal operation between the Joomla files and the database.

Thus without the session cookie it allows the site to be hacked. Because the session cookie is to prevent incorrect access to the database.

Am not sure if that is the case and would be good if a dev could confirm or deny it. But
Quote:
PHP simply provides a convenient mechanism. It is up to the developer to provide the complete solution
suggests to me that without the session cooki that the database is accessible.

In short it is the session cookie that tells the Browser(or any software) that it does not have Super User Access. Without it the site is not secure.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Thu Apr 05, 2012 10:47 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
As I see it, without the session ID then the transaction between the browser and web-server is open to hijack if an attacker can impersonate a valid session identifier. Without the session ID you would have to rely on the browser header being sent, which may not always be the case.

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Mon Apr 23, 2012 11:27 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
mandville wrote:
...
now if someone gets the tool that aboutcookies site uses to work properly in 1.5 /2.5 that would be brill

Nominet haven't got that 'tool' yet (for those who don't know ... Nominet are the UK Registry responsible for .uk Domain names and IP addresses). They don't give the visitor the choice, they just drop the cookies then say why they use cookies ... no consent is requested http://www.nominet.org.uk/cookies/

As for Joomla using the 'tool' the ICO use .... They run asp on windows "http://www.ico.gov.uk was running Microsoft-IIS on Windows Server 2008 when last queried at 23-Apr-2012 11:23:36 GMT" http://uptime.netcraft.com/up/graph?sit ... ico.gov.uk

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Thu Apr 26, 2012 8:28 pm 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12440
Location: The Girly Side of Joomla in Sussex
i sat in a SMS the other day where a member of web development team stated it only applied to 3rd party cookies, eg advert sites. then i showed him the pdf from ico, and asked why, if the ico dont advertise, do they carry the disclaimer. flumaxed

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Thu Apr 26, 2012 9:23 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
At one time the ICO's site placed a cookie on the PC. I tested with konqueror browser because I found deleting specific cookies easier. I had the browser set to stop cookies and ask for permission. The ICO cms cookie just by passed everything and planted itself on my PC.

Shortly after emailing the ICO about it ... they put a statement up about several people reporting the issue and they were working on it. That notification is still in their Privacy policy but their site no longer puts a session cookie prior to consent.

I still find it interesting that Nominet say they only use first party cookies then say they use Google analytic cookies ? This would indicate that they consider the mew law only to a apply to 3rd party cookies. But is not Google analytics a 3rd party cookie ?
Nominet only use first-party cookies to track visitor interactions and do not collect any personal information. Browsers do not share first-party cookies across domains. Nominet use cookies to gather anonymous usage statistics via Google Analytics, which help analyse data about webpage traffic and improve our website in order to tailor it to customer needs. Nominet’s main website and online services also requires some cookies to function properly.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Thu Apr 26, 2012 9:51 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Apr 03, 2012 12:50 pm
Posts: 12
Hi Guys,

Still working on it but here's an interesting one from Dave Evans, Group Manager for Business & Industry at the Information Commissioner's Office:

Q&A Session eConsultancy.com

And with regards to the law it is any information stored on the clients computer whether it be first party, third party or green party, so I suppose technically if the browser requests a webpage then that is being put on the clients computer and so we should ask that we can do it before they even load the page, but wait to be able to ask them then something would have to be put on their computer to ask them if we can put a webpage on their computer before we ask them if they want to accept anything. After all going to a website is implied consent not explicit consent as required by the directive!

Quote:
“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.;”

Okay, the only answer to all this is to stop using the internet at all. Simples!


Top
 Profile  
 
PostPosted: Thu Apr 26, 2012 10:45 pm 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12440
Location: The Girly Side of Joomla in Sussex
satingoth wrote:
Okay, the only answer to all this is to stop using the internet at all. Simples!
or plain html with out java etc? now wheres my prestel box.....

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 5:10 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jul 13, 2011 9:24 pm
Posts: 26
Hi all,

Please visit my online playground ( http://kissjoomla.stempsite.co.uk ) where I have setup a possible solution for the upcoming EU cookie directive.
It is a Joomla! 2.5 install with only the session cookie being set on arrival.

Any feedback on this possible solution would be appreciated, but especially:

1. Is it easy for non-tech people to use?
2. Is it unobtrusive, but not invisible to visitors?
3. It it too obtrusive?
4. Would you be put off a website using this solution?

Additional: In a real site there would be a link to the cookie policy that would list all cookies, their function and other info. (like which parts of the site will not function without accepting cookies).

This solution will assume new modules/components do have cookies, and the site admin has to manually set it to no-cookies if there are none, I will be adding an admin side nag screen to prompt the review, and to update the module/component and cookie info to the cookies policy (automatically adds module name and states a cookie is set, but not any details)

Hopefully this will be enough for most admins.

So, whatever your thoughts on this law, your feedback about this possible solution is appreciated.

Chris.

PS - I may put the session cookie in the accept/decline list, but am not 100% sure about the effect this would have on site/database security.


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 5:36 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
As the law stands at present, consent should be obtained before the session cookie is dropped. I know the great debate is, if or not the ICO will pursue the session cookie as a breach of the regulations and my feeling is not (IMHO) but we are where we are.
The Show Cookie Choice button will only work if the user is not blocking Javascript (silly user!) but I am perhaps showing my "old fart" prejudice on that.
This is interesting and does get us closer, as does the KookieGrab plugin, but sites that require to fully comply for legal, ethical or compliance reasons are still going to have to lose the session cookie on landing.

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 6:05 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jul 13, 2011 9:24 pm
Posts: 26
Thanks abernyte,

should have turned js off to make sure the fallback worked (it should have removed the button and displayed the "choice box", with the "no js" message at the top of the screen not the bottom - will fix it soon-ish)

I agree, I can see the ICO adding session cookies to their exemption clauses - or at least ignoring them, thereby never testing (proving) the law applies.

Do you know, by any chance, the effect on security that not having the session cookie set causes?
I have blocked it and run through the site without problems, but I have not done any hard testing (sql injection, xss, cookie poisoning, cookie hijacking) to see if it makes a difference - more or less secure.

Chris.


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 6:19 pm 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12440
Location: The Girly Side of Joomla in Sussex
i can just see us all going to plain html pages with hta redirects to it to prevent direct page calls.
it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 6:29 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
@chrisjg

I like it just a few questions
  1. Is the show button necessary ?
  2. How would install in Joomla would it need placing in the default Template ?
  3. Where the message says it is showing the module could please put a Google analytics(or similar)
    So it can be tested to see the cookies being withheld then placed

I used Konqueror Browser (easier for isolating cookies per site) and on clicking the I accept cookies button
Attachment:
snapshot3.png


You do not have the required permissions to view the files attached to this post.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 6:48 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
mandville wrote:
it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident


Regulation 6 of PECR, paragraph 2 a and b is an exemplar of clarity and brooks no exemption be the site hobby, personal or commercial.
The application of Reg 6 is another matter entirely.
The Regs equally apply to any site intended for or targeted at consumers in the EU regardless of where they originate. Applying that in the US should be fun as I have not noticed that process being bi-directional before.

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 6:57 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Feb 21, 2007 1:07 pm
Posts: 13
Location: UK
mandville wrote:
i can just see us all going to plain html pages with hta redirects to it to prevent direct page calls.
it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident


I think you're right. After years of convincing clients to get away from website "enter" pages, it looks like going back that way is the easiest solution in the short term.


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:01 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
Has anyone seen this solution the Analytics cookie before?
http://www.wolf-software.com/downloads/ ... analytics/

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:06 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
Nice find but it only deals with Google analytics.

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:34 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
They also list a jconsent script but I can't get it to work with Beez5 as a test. The installation instructions are a tad lacking.

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:38 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 25009
Location: @Webdongle
But how would that prevent cookies from Joomla modules/components ?

_________________
'When I'm right nobody remembers when I'm wrong nobody forgets.'

http://weblinksonline.co.uk/joomla-faq.html


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:51 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Wed Jul 13, 2011 9:24 pm
Posts: 26
@Webdongle

Thanks for the screenshot. Does that happen on other Joomla sites when you login as a user with elevated viewing access levels?

The "accept" button is actually a login button for a default user with viewing privs. for a specified Viewing Access Level. The "block" button is a logout button. They both call the core login/out functions, so it _should_ behave in the same way as any Joomla site.

The show button is not necessary, but I would not want the accept/block displayed all the time. It could easily be removed, or be replaced with a link to an article that has the accept/block button embedded.

I would do this as a module, but it could be integrated into a template without too much trouble.

I will add a cookie to one of the modules so it can be seen to work, maybe the GA one, or maybe just a dummy one that expires at the end of the session.

The Wolf Software solution JPECR (http://jpecr.dev.wolf-software.com) requires you to find every place on your site that sets a cookie and place some code around it - so every time you add a module or component you have to go through the code. Not a nice prospect, and even worse if you are not a coder!

Cheers,

Chris.


Top
 Profile  
 
PostPosted: Mon Apr 30, 2012 7:52 pm 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Fri May 15, 2009 2:01 pm
Posts: 3295
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड
It doesn't. Blind alley! I am going back to sleep. :-[

_________________
A pretty business indeed for a man to be allowed eight hundred thousand sterling a year and worshipped into the bargain! Of more worth is one honest man to society...than all the crowned ruffians that ever lived. Paine 1776


Top
 Profile  
 
PostPosted: Wed May 02, 2012 8:46 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed May 02, 2012 8:41 am
Posts: 4
So just to clarify where we are up to as this seems a complete badly thought out minefield.

I currently administrator around 120 Joomla sites for clients, mainly 1.5 - 2.5

Is the Joomla session cookie just used when login is involved as about half of the sites are just brochure sites with no login facility or is it used regardless ?

I'm guessing we're not likely to get a clear definition from ICO before the deadline as to whether the Joomla session cookie does require permission or not?

Thanks


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 254 posts ]  Go to page 1, 2, 3, 4, 5 ... 9  Next



Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group