European Electronic Communications Framework Compliance

Do you have an idea for the Joomla community that you can help implement? Discuss in here.
Locked
satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

European Electronic Communications Framework Compliance

Post by satingoth » Wed Apr 04, 2012 12:15 pm

Hi Guys,

This topic has come about from a discussion on a different thread.
Please look at this discussion regarding the European Electronic Communications Framework

I'm currently looking at what needs to be done in Joomla to allow for compliance with the European Electronic Communications Framework that has to be implemented by 26th May 2012 in the UK.This is of great concern since it can affect everyone with a potential fine of up to £500,000 for a serious breach.
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
The two exceptions to this rule are:
•for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
•where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

The Information Commissioner's Office have released guidance for anyone interested:
ICO Cookie Guidance

I will be trying to do as much work as I can on this and welcome any ideas or help from other people since I can only do this around my forced labour to pay the bills.

Abstract:
Currently Joomla makes use of session variables and cookies in various ways in it's core distribution. All session variables and cookies have to be identified and the end user be given the ability to opt-in to use these session variables and/or cookies before any session variable or cookie is set on the client machine or server.To this end Joomla needs to have the ability to work without session variables and cookies being set until the end user has given their consent.
Last edited by satingoth on Wed Apr 04, 2012 3:49 pm, edited 3 times in total.

satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

Re: European Electronic Communications Framework Compliance

Post by satingoth » Wed Apr 04, 2012 12:19 pm

Files that are using either .cookie(Javascript), $_SESSION(PHP), and/or $_COOKIE(PHP)

Joomla 2.5.4:

$_SESSION and/or $_COOKIE (PHP)
\libraries\joomla\application\input\cookie.php
\libraries\joomla\environment\request.php
\libraries\joomla\session\session.php
\plugins\system\debug\debug.php

.cookie (JS)
\media\editors\tinymce\jscript\tiny_mce\tiny_mce.js
\media\editors\tinymce\jscript\tiny_mce\plugins\paste\editor_plugin.js
\media\editors\tinymce\jscript\tiny_mce\themes\advanced\editor_template.js
\media\system\js\mootools-core-uncompressed.js
\media\system\js\mootools-core.js
\media\system\js\mootools-more-uncompressed.js
\media\system\js\mootools-more.js
\media\system\js\swf-uncompressed.js
\media\system\js\swf.js
\media\system\js\switcher-uncompressed.js
\media\system\js\switcher.js
\media\system\languagefilter\languagefilter.php
\media\system\logout\logout.php

satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

Re: European Electronic Communications Framework Compliance

Post by satingoth » Wed Apr 04, 2012 12:37 pm

My initial plan is to identify what bits we can leave well alone.

I am thinking that if we have a disclaimer bit saying that by logging in you agree to cookies being used then we can ignore things like the editors as they will have given their consent. Similarily consent only has to be given for setting a cookie, not reading a cookie so as long as the coding doesn't break when it doesn't find a cookie it's looking for then hopefully we can minimise any changes that need to be made to the programming.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: European Electronic Communications Framework Compliance

Post by mandville » Wed Apr 04, 2012 12:49 pm

a previous discussion on this took place at forum.joomla.org/viewtopic.php?f=428&t=549868
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Wed Apr 04, 2012 12:49 pm

Session cookies are probably needed so Joomla files can communicate with the database
Language cookies so menus can be seen in the language of the visitor(although it can be set to 'Registered' view/access level).
The other cookies that you mention appear to be:
  • Template related, a lot of 'framework' Templates ( a lot of user think those type of Templates unnecessary)
  • 3rd party extensions.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Wed Apr 04, 2012 1:01 pm

satingoth wrote:My initial plan is to identify what bits we can leave well alone.

I am thinking that if we have a disclaimer bit saying that by logging in you agree to cookies being used then we can ignore things like the editors as they will have given their consent. Similarily consent only has to be given for setting a cookie, not reading a cookie so as long as the coding doesn't break when it doesn't find a cookie it's looking for then hopefully we can minimise any changes that need to be made to the programming.
Have a look at http://extensions.joomla.org/extensions ... tion/17625

It is basically a login to a special Access/View level. Feel free to enhance it if you wish. The install script needs to identify the ID it is installed at(differs depending on access/veiw levels added previously). Then that id used to cross reference to the user ID(differs depending on user(s) added previously).

Such modifications would prevent the need for manual configuration and help the uninstall script uninstall completely.

I know how to use the if sql statements but not how to parse the variables in the Joomla install script. Putting the code correctly in the install script is essential for 'sanitising' it. Google has it's own way of escaping the put/get to/from the database. 'Sanitising' prevents sql injection.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

Re: European Electronic Communications Framework Compliance

Post by satingoth » Wed Apr 04, 2012 4:44 pm

Well so far I've tested the necessity of the session cookie on Joomla 1.7.3, 2.5.1, 2.5.4 (Vanilla Build) and when it is completely blocked it doesn't break the site however you can't get past any login dialogue but as soon as you allow cookies again you can get past the login dialogue.

For the most part this suggests that we will be able to look at a method that allows blocking of the session variable without it breaking a site, however this will have to be tested further to see exactly how this session variable is then used throughout the code.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Wed Apr 04, 2012 5:04 pm

satingoth wrote:Well so far I've tested the necessity of the session cookie on Joomla 1.7.3, 2.5.1, 2.5.4 (Vanilla Build) and when it is completely blocked it doesn't break the site...
But perhaps it is not meant to make the site work. Perhaps the session cookie is to secure the communication between Joomla files and the database. Without the session cookie the site may not be secure ?
http://shiflett.org/articles/the-truth-about-sessions wrote:Nearly every PHP application uses sessions. This article takes a detailed look at implementing a secure session management mechanism with PHP
...
It is a common misconception that PHP provides a certain level of security with its native session management features. On the contrary, PHP simply provides a convenient mechanism. It is up to the developer to provide the complete solution
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

Re: European Electronic Communications Framework Compliance

Post by satingoth » Thu Apr 05, 2012 7:46 am

Nearly every PHP application uses sessions. This article takes a detailed look at implementing a secure session management mechanism with PHP
Thanks for that link Webdongle, I agree fully as most html browsers (if not all) are stateless and we need it to uniquely identify the user and hence provide a level of security.

What I am thinking of is that before a person logs in to either front end or back end we shouldn't need a secure session as this should just be browsing so we can then use a little tick box with any login dialogue that says 'tick here to opt in to allowing cookies' and a link to the privacy or something and just not let them log in unless they accept cookies.

All this is going on the premise that we can justify the use of cookies for any person wanting to access the 'registered user' areas of the website whereas it doesn't use cookies for people who are just browsing the 'public' areas. That would allow us to tell them they need to opt-in to use cookies and hopefully satisfy those lovely people at ICO.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Thu Apr 05, 2012 10:29 am

satingoth wrote:
...
What I am thinking of is that before a person logs in to either front end or back end we shouldn't need a secure session as this should just be browsing ...
But that is my point. If the session cookie is not set then it allows the visiting Browser(or other software) to by pass the normal operation between the Joomla files and the database.

Thus without the session cookie it allows the site to be hacked. Because the session cookie is to prevent incorrect access to the database.

Am not sure if that is the case and would be good if a dev could confirm or deny it. But
PHP simply provides a convenient mechanism. It is up to the developer to provide the complete solution
suggests to me that without the session cooki that the database is accessible.

In short it is the session cookie that tells the Browser(or any software) that it does not have Super User Access. Without it the site is not secure.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Thu Apr 05, 2012 10:47 am

As I see it, without the session ID then the transaction between the browser and web-server is open to hijack if an attacker can impersonate a valid session identifier. Without the session ID you would have to rely on the browser header being sent, which may not always be the case.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

European Electronic Communications Framework.

Post by Webdongle » Mon Apr 23, 2012 11:27 am

mandville wrote:...
now if someone gets the tool that aboutcookies site uses to work properly in 1.5 /2.5 that would be brill
Nominet haven't got that 'tool' yet (for those who don't know ... Nominet are the UK Registry responsible for .uk Domain names and IP addresses). They don't give the visitor the choice, they just drop the cookies then say why they use cookies ... no consent is requested http://www.nominet.org.uk/cookies/

As for Joomla using the 'tool' the ICO use .... They run asp on windows "http://www.ico.gov.uk was running Microsoft-IIS on Windows Server 2008 when last queried at 23-Apr-2012 11:23:36 GMT" http://uptime.netcraft.com/up/graph?sit ... ico.gov.uk
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: European Electronic Communications Framework Compliance

Post by mandville » Thu Apr 26, 2012 8:28 pm

i sat in a SMS the other day where a member of web development team stated it only applied to 3rd party cookies, eg advert sites. then i showed him the pdf from ico, and asked why, if the ico dont advertise, do they carry the disclaimer. flumaxed
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Thu Apr 26, 2012 9:23 pm

At one time the ICO's site placed a cookie on the PC. I tested with konqueror browser because I found deleting specific cookies easier. I had the browser set to stop cookies and ask for permission. The ICO cms cookie just by passed everything and planted itself on my PC.

Shortly after emailing the ICO about it ... they put a statement up about several people reporting the issue and they were working on it. That notification is still in their Privacy policy but their site no longer puts a session cookie prior to consent.

I still find it interesting that Nominet say they only use first party cookies then say they use Google analytic cookies ? This would indicate that they consider the mew law only to a apply to 3rd party cookies. But is not Google analytics a 3rd party cookie ?
http://www.nominet.org.uk/cookies/ wrote:Nominet only use first-party cookies to track visitor interactions and do not collect any personal information. Browsers do not share first-party cookies across domains. Nominet use cookies to gather anonymous usage statistics via Google Analytics, which help analyse data about webpage traffic and improve our website in order to tailor it to customer needs. Nominet’s main website and online services also requires some cookies to function properly.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

satingoth
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Apr 03, 2012 12:50 pm

Re: European Electronic Communications Framework Compliance

Post by satingoth » Thu Apr 26, 2012 9:51 pm

Hi Guys,

Still working on it but here's an interesting one from Dave Evans, Group Manager for Business & Industry at the Information Commissioner's Office:

Q&A Session eConsultancy.com

And with regards to the law it is any information stored on the clients computer whether it be first party, third party or green party, so I suppose technically if the browser requests a webpage then that is being put on the clients computer and so we should ask that we can do it before they even load the page, but wait to be able to ask them then something would have to be put on their computer to ask them if we can put a webpage on their computer before we ask them if they want to accept anything. After all going to a website is implied consent not explicit consent as required by the directive!
“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.;”
Okay, the only answer to all this is to stop using the internet at all. Simples!

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: European Electronic Communications Framework Compliance

Post by mandville » Thu Apr 26, 2012 10:45 pm

satingoth wrote:Okay, the only answer to all this is to stop using the internet at all. Simples!
or plain html with out java etc? now wheres my prestel box.....
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

chrisjg
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Wed Jul 13, 2011 9:24 pm

Re: European Electronic Communications Framework Compliance

Post by chrisjg » Mon Apr 30, 2012 5:10 pm

Hi all,

Please visit my online playground ( http://kissjoomla.stempsite.co.uk ) where I have setup a possible solution for the upcoming EU cookie directive.
It is a Joomla! 2.5 install with only the session cookie being set on arrival.

Any feedback on this possible solution would be appreciated, but especially:

1. Is it easy for non-tech people to use?
2. Is it unobtrusive, but not invisible to visitors?
3. It it too obtrusive?
4. Would you be put off a website using this solution?

Additional: In a real site there would be a link to the cookie policy that would list all cookies, their function and other info. (like which parts of the site will not function without accepting cookies).

This solution will assume new modules/components do have cookies, and the site admin has to manually set it to no-cookies if there are none, I will be adding an admin side nag screen to prompt the review, and to update the module/component and cookie info to the cookies policy (automatically adds module name and states a cookie is set, but not any details)

Hopefully this will be enough for most admins.

So, whatever your thoughts on this law, your feedback about this possible solution is appreciated.

Chris.

PS - I may put the session cookie in the accept/decline list, but am not 100% sure about the effect this would have on site/database security.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Mon Apr 30, 2012 5:36 pm

As the law stands at present, consent should be obtained before the session cookie is dropped. I know the great debate is, if or not the ICO will pursue the session cookie as a breach of the regulations and my feeling is not (IMHO) but we are where we are.
The Show Cookie Choice button will only work if the user is not blocking Javascript (silly user!) but I am perhaps showing my "old fart" prejudice on that.
This is interesting and does get us closer, as does the KookieGrab plugin, but sites that require to fully comply for legal, ethical or compliance reasons are still going to have to lose the session cookie on landing.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

chrisjg
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Wed Jul 13, 2011 9:24 pm

Re: European Electronic Communications Framework Compliance

Post by chrisjg » Mon Apr 30, 2012 6:05 pm

Thanks abernyte,

should have turned js off to make sure the fallback worked (it should have removed the button and displayed the "choice box", with the "no js" message at the top of the screen not the bottom - will fix it soon-ish)

I agree, I can see the ICO adding session cookies to their exemption clauses - or at least ignoring them, thereby never testing (proving) the law applies.

Do you know, by any chance, the effect on security that not having the session cookie set causes?
I have blocked it and run through the site without problems, but I have not done any hard testing (sql injection, xss, cookie poisoning, cookie hijacking) to see if it makes a difference - more or less secure.

Chris.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: European Electronic Communications Framework Compliance

Post by mandville » Mon Apr 30, 2012 6:19 pm

i can just see us all going to plain html pages with hta redirects to it to prevent direct page calls.
it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Mon Apr 30, 2012 6:29 pm

@chrisjg

I like it just a few questions
  1. Is the show button necessary ?
  2. How would install in Joomla would it need placing in the default Template ?
  3. Where the message says it is showing the module could please put a Google analytics(or similar)
    So it can be tested to see the cookies being withheld then placed
I used Konqueror Browser (easier for isolating cookies per site) and on clicking the I accept cookies button
snapshot3.png
You do not have the required permissions to view the files attached to this post.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Mon Apr 30, 2012 6:48 pm

mandville wrote: it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident
Regulation 6 of PECR, paragraph 2 a and b is an exemplar of clarity and brooks no exemption be the site hobby, personal or commercial.
The application of Reg 6 is another matter entirely.
The Regs equally apply to any site intended for or targeted at consumers in the EU regardless of where they originate. Applying that in the US should be fun as I have not noticed that process being bi-directional before.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

hayesjames
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Wed Feb 21, 2007 1:07 pm
Location: UK
Contact:

Re: European Electronic Communications Framework Compliance

Post by hayesjames » Mon Apr 30, 2012 6:57 pm

mandville wrote:i can just see us all going to plain html pages with hta redirects to it to prevent direct page calls.
it is still not clear if none adverted hobby/personal sites are counted in the eu directive or not, or if people hosted outside the eu, and/or running a non eu business site require it if accessed by a eu resident
I think you're right. After years of convincing clients to get away from website "enter" pages, it looks like going back that way is the easiest solution in the short term.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Mon Apr 30, 2012 7:01 pm

Has anyone seen this solution the Analytics cookie before?
http://www.wolf-software.com/downloads/ ... analytics/
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Mon Apr 30, 2012 7:06 pm

Nice find but it only deals with Google analytics.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Mon Apr 30, 2012 7:34 pm

They also list a jconsent script but I can't get it to work with Beez5 as a test. The installation instructions are a tad lacking.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: European Electronic Communications Framework Compliance

Post by Webdongle » Mon Apr 30, 2012 7:38 pm

But how would that prevent cookies from Joomla modules/components ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

chrisjg
Joomla! Apprentice
Joomla! Apprentice
Posts: 30
Joined: Wed Jul 13, 2011 9:24 pm

Re: European Electronic Communications Framework Compliance

Post by chrisjg » Mon Apr 30, 2012 7:51 pm

@Webdongle

Thanks for the screenshot. Does that happen on other Joomla sites when you login as a user with elevated viewing access levels?

The "accept" button is actually a login button for a default user with viewing privs. for a specified Viewing Access Level. The "block" button is a logout button. They both call the core login/out functions, so it _should_ behave in the same way as any Joomla site.

The show button is not necessary, but I would not want the accept/block displayed all the time. It could easily be removed, or be replaced with a link to an article that has the accept/block button embedded.

I would do this as a module, but it could be integrated into a template without too much trouble.

I will add a cookie to one of the modules so it can be seen to work, maybe the GA one, or maybe just a dummy one that expires at the end of the session.

The Wolf Software solution JPECR (http://jpecr.dev.wolf-software.com) requires you to find every place on your site that sets a cookie and place some code around it - so every time you add a module or component you have to go through the code. Not a nice prospect, and even worse if you are not a coder!

Cheers,

Chris.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4189
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: European Electronic Communications Framework Compliance

Post by abernyte » Mon Apr 30, 2012 7:52 pm

It doesn't. Blind alley! I am going back to sleep. :-[
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

markvts
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed May 02, 2012 8:41 am

Re: European Electronic Communications Framework.

Post by markvts » Wed May 02, 2012 8:46 am

So just to clarify where we are up to as this seems a complete badly thought out minefield.

I currently administrator around 120 Joomla sites for clients, mainly 1.5 - 2.5

Is the Joomla session cookie just used when login is involved as about half of the sites are just brochure sites with no login facility or is it used regardless ?

I'm guessing we're not likely to get a clear definition from ICO before the deadline as to whether the Joomla session cookie does require permission or not?

Thanks


Locked

Return to “Joomla! Ideas Forum”