PHP 5: using a session cookie for site management, how to comply with EU cookie law?

Hello Experts,

this may be a dumb question; but...
How do developers initialize a cookie session and comply with EU cookie law at the same time?

if cookie declined, I am not sure how to manage sessions (via URL not an option, too insecure).

Thanks for your help...
epifanio67Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

käµfm³d 👽Commented:
I'll preface this by saying that I know nothing about European law, rules, etc., and I am in no way a lawyer, but from what I'm reading here:

https://ico.org.uk/for-organisations/guide-to-pecr/cookies/

...it looks like session-id cookies are exempt from the law:

Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies...also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.

Are you not permitted to maintain session state on your server? If you can, then you should only need the session ID cookie to get to the session on the server.

Have you consulted an attorney?
epifanio67Author Commented:
Thank you Kaufmed.... that helps...

I just accessed the site and noticed the popup asking if it was ok to leave cookies....

I don't believe the law prohibits maintaining a session state on the server...

I just want to make sure I am in compliance technically... no need for an attorney at the moment....
Dave BaldwinFixer of ProblemsCommented:
In general, session cookies are ok If they are not used to track personal info.  This page http://eucookielaw.org.uk/what-should-I-do-about-eu-cookie-law discusses the subject and has a couple of useful links to check things out.
Ray PaseurCommented:
Most EU sites seem to want a personal acknowledgement that it's OK to store a cookie on the browser.  They do this by sending a message that says, "We use cookies, please acknowledge that it's OK."  The message is accompanied by a form control that allows the client to click the "OK" and signal that cookies are acceptable.  Thereafter the cookie(s) can be used since the client has explicitly allowed it.

The cookie, of course, is not the issue here (governments are always behind technology).  It's the underlying database and network of information sharing services that collect and analyze client behaviors.  I can put a single cookie on a client browser and all that tells anyone is that the client browser can be recognized on a return visit.  For example, I can know if a client is "logged in."  The cookie seems benign in its simplicity and innocence.  But a cookie does not tell what behaviors I am tracking, what data I have collected, who I've shared the data with, what credit reporting agencies I've accessed, what IP address lookup services I've used, etc.  The cookie itself is much less than the tip of the iceberg, and the EU cookie laws (unenforceable in many countries) that address the cookies may be a "feel-good" patch for lawmakers, but they completely miss the point of privacy.

Some of the information on the EU Cookie Law web site is accurate, but it's way below comprehensive.  That aside, I like the idea of a popup that they speak of here, and it will probably cover your needs.
http://eucookielaw.org.uk/cookie-opt-in-for-my-website

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
epifanio67Author Commented:
Thank you experts for all of your help...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.