Solved

PHP 5: using a session cookie for site management, how to comply with EU cookie law?

Posted on 2015-02-05
Last Modified: 2015-02-06
Hello Experts,

This may be a dumb question, but...
How do developers initialize a cookie session and comply with EU cookie law at the same time?

If the cookie is declined, I am not sure how to manage sessions (via URL is not an option, too insecure).

Thanks for your help...
0
Question by:epifanio67
5 Comments
 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 167 total points
ID: 40592069
I'll preface this by saying that I know nothing about European law, rules, etc., and I am in no way a lawyer, but from what I'm reading here:

https://ico.org.uk/for-organisations/guide-to-pecr/cookies/

...it looks like session-id cookies are exempt from the law:

Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies...also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.

Are you not permitted to maintain session state on your server? If you can, then you should only need the session ID cookie to get to the session on the server.

Have you consulted an attorney?
0
 

Author Comment

by:epifanio67
ID: 40592083
Thank you Kaufmed.... that helps...

I just accessed the site and noticed the popup asking if it was ok to leave cookies....

I don't believe the law prohibits maintaining a session state on the server...

I just want to make sure I am in compliance technically... no need for an attorney at the moment....
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 166 total points
ID: 40592094
In general, session cookies are OK if they are not used to track personal info. This page http://eucookielaw.org.uk/what-should-I-do-about-eu-cookie-law discusses the subject and has a couple of useful links to check things out.
0
 
LVL 109

Accepted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 40593436
Most EU sites seem to want a personal acknowledgement that it's OK to store a cookie on the browser.  They do this by sending a message that says, "We use cookies, please acknowledge that it's OK."  The message is accompanied by a form control that allows the client to click the "OK" and signal that cookies are acceptable.  Thereafter the cookie(s) can be used since the client has explicitly allowed it.

The cookie, of course, is not the issue here (governments are always behind technology).  It's the underlying database and network of information sharing services that collect and analyze client behaviors.  I can put a single cookie on a client browser and all that tells anyone is that the client browser can be recognized on a return visit.  For example, I can know if a client is "logged in."  The cookie seems benign in its simplicity and innocence.  But a cookie does not tell what behaviors I am tracking, what data I have collected, who I've shared the data with, what credit reporting agencies I've accessed, what IP address lookup services I've used, etc.  The cookie itself is much less than the tip of the iceberg, and the EU cookie laws (unenforceable in many countries) that address the cookies may be a "feel-good" patch for lawmakers, but they completely miss the point of privacy.

Some of the information on the EU Cookie Law web site is accurate, but it's way below comprehensive.  That aside, I like the idea of a popup that they speak of here, and it will probably cover your needs.
http://eucookielaw.org.uk/cookie-opt-in-for-my-website
0
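
An added example (not code from any poster in this thread) of the approach the answers above describe for PHP 5: a session ID carried only in a cookie with the state kept on the server, and an acknowledgement form that gates every other cookie. The field name cookie_consent, the cookie name returning_visitor and the helper functions are hypothetical.

```php
<?php
// Added example. 'cookie_consent', 'returning_visitor' and the helper
// functions are hypothetical names, not taken from the thread.

function is_https() {
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

function has_cookie_consent() {
    return isset($_SESSION['cookie_consent']) && $_SESSION['cookie_consent'] === true;
}

// Any cookie other than the session ID goes through this gate.
function set_optional_cookie($name, $value, $days) {
    if (!has_cookie_consent()) {
        return false; // no explicit OK yet: send nothing
    }
    return setcookie($name, $value, time() + 86400 * $days, '/', '', is_https(), true);
}

// The session ID travels only in a cookie, never in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // PHP 5.5.2+: refuse IDs the server did not issue

// Lifetime 0: dropped when the browser closes. Secure on HTTPS, HttpOnly always.
session_set_cookie_params(0, '/', '', is_https(), true);
session_start();

// The visitor's answer is stored server-side in the session, so recording it
// (including a "no") needs no additional cookie.
if (isset($_POST['cookie_consent'])) {
    $_SESSION['cookie_consent'] = ($_POST['cookie_consent'] === 'ok');
}

// Sent only after the visitor clicked OK; must run before any output.
set_optional_cookie('returning_visitor', '1', 30);

// Show the acknowledgement form until the visitor has answered.
if (!isset($_SESSION['cookie_consent'])) {
    echo '<form method="post">'
       . '<p>We use cookies, please acknowledge that it\'s OK.</p>'
       . '<button type="submit" name="cookie_consent" value="ok">OK</button>'
       . '<button type="submit" name="cookie_consent" value="no">Decline</button>'
       . '</form>';
}
```

Because the answer is held in the session, the form is shown again when the visitor starts a new browser session.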
 

Author Closing Comment

by:epifanio67
ID: 40594676
Thank you experts for all of your help...
0
