
General Questions


General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Author Topic: 2056 Views
  • SuperBlues
    Community Member
    25 Posts

    Cookie permissions and UK regulations

    Hi All,

    As you may be aware there is new legislation being introduced in the UK very soon about the use of cookies and the user having the choice to accept the cookies or not when browsing a website.

    I have a number of SS websites and wondered if anyone has any simple solution to this issue so that we are compliant with the regulations and the user experience is not hindered.

    I thought maybe a jQuery pop-up on the first page the user gets to, to either accept cookies or to decline them, and if declined the user is sent to a static page?

    Any suggestions please?

    Thanks.

  • jpmcc
    Community Member
    14 Posts

    Re: Cookie permissions and UK regulations

    Did you come up with a solution? As far as I can tell, session cookies are exempt as it can be argued they are integral to the site's operation. Therefore it is other types of cookies you need to worry about, e.g. analytics cookies and any other cookies your site may use.

  • swaiba
    Forum Moderator
    1784 Posts

    Re: Cookie permissions and UK regulations

    Hi jpmcc,

    Welcome to the forums!

    That is my understanding - if the user requests something that requires some tracking then permission is implicit - if you are tracking them without their knowledge for something they didn't obviously intend then you need to do some work.

    This gives me another opportunity to post this video poking a little fun at the issue...
    http://www.youtube.com/watch?v=arWJA0jVPAc

  • jpmcc
    Community Member
    14 Posts

    Re: Cookie permissions and UK regulations

    There are some core behaviours to address also. If session cookies are OK, the users should still be able to register with a site and log in, however if they have rejected the use of other cookies, then the "remember me" functionality shouldn't be allowed, nor tracking the user as a past member.

    The first issue can be overcome by subclassing the MemberLoginForm, checking your current situation regarding cookie permissions and then removing the checkbox to "remember me" from the field list before the form is rendered. (edit: alternatively come up with your own login form)

    For the past member cookie, however, that is set in the Controller init method. You need to call parent::init() in our own controller's init method otherwise SilverStripe issues an error, therefore so far the only way I can see to avoid that cookie is a little bit of direct editing of the Controller class. The code that would normally set the cookie is just wrapped in a cookie preference check, which I have set in a protected member of the child controller class, but also in a session variable so it can be accessed elsewhere.

    Regarding requesting permission, I have created a form that will appear on any page, after about 1 second, if the user has not yet set a preference. The user can choose to dismiss the form (sliding to the top of the screen where it can be recalled), but it will keep appearing until a preference has been set. Once the preference has been set, that value is then, oddly, saved as a cookie. Saving the user's cookie preferences in a cookie is also apparently allowed, whether or not their preference is to allow or deny cookies.

    Within my main page controller init, I check for the existence of the preference cookie; if I find it, then it is used to set the session preference. If there is no preference, then the request form is added to the template. That check is carried out before calling the parent init method.

    e.g.

    public function init() {
        // Read the preference cookie (if any) before the parent init runs
        $this->checkCookiePreference();
        parent::init();
        /*
         * Any other init code here...
         */
    }

    The cookie preference can then be checked in a template call to see whether analytics code should be added etc.

    btw enjoyed the video. As the video points out, the request form will become annoying, but what can you do?

    Cheers,
    Jason
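
Added example, not part of the original posts and not SilverStripe's own code: one way the approach described in the post above could look, assuming the SilverStripe 2.4/3-era calls `Cookie::get`, `Session::get`/`Session::set` and `Form::Fields()->removeByName`. The class name `ConsentAwareLoginForm`, the cookie and session key `CookiePreference`, its values `allow`/`deny`, and the template methods `CookiesAllowed`/`NeedsCookiePrompt` are hypothetical; only `checkCookiePreference` is named in the post, and its body here is an assumption.

```php
<?php
// Hypothetical login form subclass: hides "remember me" unless cookies were allowed.
class ConsentAwareLoginForm extends MemberLoginForm {
    public function __construct($controller, $name, $fields = null,
                                $actions = null, $checkCurrentUser = true) {
        parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
        // Fail closed: with no stored preference, or "deny", drop the checkbox.
        if (Session::get('CookiePreference') !== 'allow') {
            $this->Fields()->removeByName('Remember');
        }
    }
}

class Page_Controller extends ContentController {
    // null = no preference set yet, otherwise 'allow' or 'deny'
    protected $cookiePreference = null;

    public function init() {
        // Resolve the preference before the parent init runs, as in the post.
        $this->checkCookiePreference();
        parent::init();
    }

    protected function checkCookiePreference() {
        $value = Cookie::get('CookiePreference');
        // The cookie is client-controlled input: accept only the two known
        // values and treat anything else as "no preference set".
        if ($value === 'allow' || $value === 'deny') {
            $this->cookiePreference = $value;
            Session::set('CookiePreference', $value);
        }
    }

    // Template check, e.g. <% if CookiesAllowed %> ...analytics snippet... <% end_if %>
    public function CookiesAllowed() {
        return $this->cookiePreference === 'allow';
    }

    // Template check that decides whether the request form is added to the page.
    public function NeedsCookiePrompt() {
        return $this->cookiePreference === null;
    }
}
```

Removing the field only hides the option in the rendered form; if the preference has to be enforced server-side, the login handler needs the same check.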

  • swaiba
    Forum Moderator
    1784 Posts

    Re: Cookie permissions and UK regulations

    then the "remember me" functionality shouldn't be allowed

    I would say it is allowed - I've gone into more detail on this and if the user asks for something that can only be achieved by tracking then permission is implicit. The issue is when the user is tracked without any knowledge (therefore there can be no permission at all). Those are the cases that will be heard first.

    Personally I am going to wait and see what the industry does as a whole May 2012

  • jpmcc
    Community Member
    14 Posts

    Re: Cookie permissions and UK regulations

    Good point. See, it is all open to a bit of interpretation.

    I think I'll stay with the remember me being disabled for the time being as it is all working.

  • swaiba
    Forum Moderator
    1784 Posts

    Re: Cookie permissions and UK regulations

    Try watching these videos - the ICO guy (who I cannot stop thinking made that horrible banner) gives a talk on the "spirit" of the law...

    http://www.youtube.com/watch?v=e8s76UuP2tg

  • jpmcc
    Community Member
    14 Posts

    Re: Cookie permissions and UK regulations

    That is jolly helpful! Cheers.
