« Don't update log_online for certain actions
The Cookie Law (in the UK at least)
Body tag classes »

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #105, on May 18th, 2012, 06:13 PM »
It's not likely that the government sites are going to comply any time soon, by the looks of it.

For my part I'd be quite happy to ditch the whole session cookie in Wedge so we're compliant by default, as it were, but I don't think that's going to go down so well...
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Nao

  • Dadman with a boy
  • Posts: 16,082

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #107, on May 18th, 2012, 06:28 PM »
Well, the problem's still there, it's still written into law, and just because the ICO is toothless doesn't mean it won't try gumming people for compliance.

If a test case does emerge, though, and the ICO does issue a penalty, it might have an effect...

nolsilang

  • Lurking <i class=
  • Posts: 106

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #109, on May 20th, 2012, 06:39 PM »
Interesting approach. Note that they're essentially saying 'you cannot use this site until you at least agree to cookie use'.

Nao

  • Dadman with a boy
  • Posts: 16,082

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #111, on May 20th, 2012, 06:59 PM »
Yup yup, and with all the SEO nightmare attached to that, of course. But in this case it doesn't matter as it's not really stuff designed for search engines.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #112, on May 20th, 2012, 07:36 PM »
Quote from Arantor on May 20th, 2012, 06:39 PM
Interesting approach. Note that they're essentially saying 'you cannot use this site until you at least agree to cookie use'.
I think the reality is that this will be the norm and it's pretty much what I've done with my sites. I know you're concerned about SEO and spiders but they seem unaffected and happily munch their way through our content.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #113, on May 20th, 2012, 07:37 PM »
Well, that's the thing - if you force users to agree to cookies before you get to any content, you're permanently going to be blocking spiders, no?

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #114, on May 20th, 2012, 09:47 PM »
Depends on how you do it. I've added a small amount of code in index.template.php which tests to see if cookies have been accepted and if not, the main menu bar isn't displayed[1]. That lets spiders crawl the message content - and there's a sitemap to help them - and they can get at our (Aeva) gallery.

I *think* we're compliant - and thanks, btw, for the heads-up on Nibongo's multi-quote mod whose cookie I've now added to our list.
 1. Most actions are blocked in index.php by Emanuele's mod, if cookies haven't been accepted.
Re: The Cookie Law (in the UK at least)
« Reply #115, on May 25th, 2012, 07:38 AM »Last edited on May 25th, 2012, 08:01 AM
There is one aspect that has not been addressed at all. Many browsers are configured by their users to send a "Do Not Track" code in the request header. It should be noted that "Do Not Track" is an American initiative and may well form the basis of Cookie Laws there.

"Do Not Track" can be tested server-side by the following code:

Code: [Select]
$DoNotTrackHeader = "DNT";
$DoNotTrackValue = "1";

$phpHeader = "HTTP_" . strtoupper(str_replace("-", "_", $DoNotTrackHeader));

if((array_key_exists($phpHeader, $_SERVER)) and ($_SERVER[$phpHeader] == $DoNotTrackValue))
{
        // Do Not Track is enabled
}

else
{
       // Do Not Track is not enabled
}

As the default browser setting is "off" (ie DNT is not set), the user has made a conscious decision that he doesn't want to be tracked as he goes from web site to web site. Currently trackers such as Google do not honour this setting but should we do so? I ask this because a user may have a perfectly valid complaint if he has already enabled "Do Not Track", has accepted SMF Cookies and discovers that Google Analytics (or tracking cookies) have been set.

It might therefore be wise to test for DNT and not include the GA code in Subs.php when serving the page if DNT is set.

Mark

nolsilang

  • Lurking <i class=
  • Posts: 106

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: The Cookie Law (in the UK at least)
« Reply #117, on May 25th, 2012, 08:22 AM »
Err... Since when do we have GA code in Wedge anyway? :lol:

The only thing I don't understand is that I regularly get GA cookies in Opera on my Wedge.org tabs, and I don't have GA anywhere on Wedge.org, so where does that come from..?!

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #118, on May 25th, 2012, 11:49 AM »
@Ox - The BBC is using Geo-location to determine whether or not to seek cookie acceptance which better minds than mine reckon is a bit dangerous.

@Nao - I'm not suggesting that Wedge will serve GA cookies "out of the box" but someone's bound to write a plug-in for GA as there will be those who want it. And yes, Wedge.org is, or has been, definitely setting GA cookies.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #119, on May 25th, 2012, 12:30 PM »
The Noisen code seems to include Google Analytics, but the Wedge mainline code certainly does not, and I'm assuming that the cookies are still legacy of that.

FWIW I never visited Wedge.org on this PC until after the change to Wedge itself and I do not have the GA cookies present.
« Don't update log_online for certain actions
Body tag classes »