EVOcookie and EU Privacy again #2003

Open
webkarli opened this issue Aug 13, 2021 · 2 comments
@webkarli
I think this is not only a problem in the EU, because other countries are also dealing with more data protection. The experience in the EU could be a pattern there.
I still have the problem that I cannot turn off the evocookie for the normal site visitor, although it is not technically mandatory. In some EU countries this is a legal violation and has also been punished.

Sirfranz had suggested in another thread as a radical solution to generally disable the session start in core\bootstrap.php. Problem: You can't log in anymore.

I additionally bound the setting of the cookie to the manager like this:

old:

if ((! is_cli() && session_status() === PHP_SESSION_NONE) && (!defined('NO_SESSION'))) {
    startCMSSession(); // start session
}

new:

if ((! is_cli() && session_status() === PHP_SESSION_NONE) && (!defined('NO_SESSION') && strpos($_SERVER["REQUEST_URI"],"manager")!==false )) {
    startCMSSession(); // start session
}

In the first tests it worked quite ok. But I don't know if it is problematic to bind the evocookie to the presence of "manager" in the $_SERVER["REQUEST_URI"].
I also hope it's not a problem safety-wise.

My questions:

Can this work in general? Where can this lead to conflicts? Is it safe?
Can this or a similar solution be implemented in general and linked to the configuration (Frontend Session: on/off)?

Or if it is better to use the evocookie in general, then I ask for one or two sentences of justification that also satisfies the data protectionists.

Translated with www.DeepL.com/Translator (free version)
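
Added example (not part of the original post and not Evolution CMS code): `$_SERVER["REQUEST_URI"]` includes the query string, so the substring test above also starts a session on front-end URLs that merely contain "manager". The sketch compares it with a check on the first path segment; the function names, the `/manager/` location under the web root and the sample URIs are assumptions constructed for illustration.

```php
<?php
// Added example, not Evolution CMS code. Assumes the manager is served
// from /manager/ directly under the web root (assumption).

// The check from the post: true if "manager" occurs anywhere in the URI,
// including the query string.
function substringCheck(string $requestUri): bool
{
    return strpos($requestUri, 'manager') !== false;
}

// Stricter variant: ignore the query string and require the first
// path segment to be exactly the manager directory.
function pathPrefixCheck(string $requestUri, string $managerDir = 'manager'): bool
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return false; // malformed or path-less URI: do not start a session
    }
    $segments = explode('/', ltrim(rawurldecode($path), '/'));
    return $segments[0] === $managerDir;
}

// Constructed sample request URIs.
$samples = [
    '/manager/index.php?a=2',          // real manager request
    '/blog/project-manager-tips',      // front-end page, "manager" in the path
    '/?utm_source=manager-newsletter', // front-end page, "manager" in the query
    '/contact.html',                   // ordinary front-end page
];

printf("%-36s %-10s %s\n", 'REQUEST_URI', 'substring', 'path prefix');
foreach ($samples as $uri) {
    printf(
        "%-36s %-10s %s\n",
        $uri,
        substringCheck($uri) ? 'session' : '-',
        pathPrefixCheck($uri) ? 'session' : '-'
    );
}
```

With either check, front-end code that relies on `$_SESSION` runs without a session, which is the kind of conflict the questions above ask about.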

@WebCrew
WebCrew commented Jul 14, 2023

As far as I know you can make use of session cookies also in EU.

The only thing is you have to tell your visitors immediately, i.e. a warning popup appears in which "all" cookie functions are explicitly pointed out. Then before a user may want to register with you (depending on the website structure), you also need this cookie warning and the new user must first give their consent that they agree to cookies. It is therefore not urgently necessary to manipulate the session cookies.

Kind regards, Andreas ;)

@elcreator
Inability to log in after disabling cookies was fixed in 2c4a0dc. Could you please recheck?
