Hi,
An EU law requiring websites to obtain opt-in consent from website users before any non-essential cookies can be placed on their computer recently came into force in the UK. Roundcube uses cookies for things like remembering the position of the splitters on the mail screen. This isn't essential to the operation of the site and so consent must be sought from the user before these cookies can be saved on their computer.
I have created a very simple plugin which displays a banner to the user asking them if they wish to use cookies or not, and if they choose not then it disables the JavaScript cookie methods. It also adds a new option in the general settings page to allow the user to change their cookie settings any time they want.
This plugin blocks cookies created via JavaScript. The only JavaScript cookie not blocked by this plugin is the one created by googiespell, since that uses slightly different methods from the rest of RC. These are the only cookies in the RC core which appear to be non-essential. There is one session cookie created in the PHP as part of the security that is essential and so exempt from opt-in.
This is only a first go at a cookie opt-in system for RC and I'm sure it's not perfect; any feedback welcome. I am wondering if it might be better to simply give an "accept and close" option rather than the choice of accepting or blocking.
Phil
The "Cookie Law" states that functional cookies are allowed at any time. That means that you can save website settings and session information to keep track of logins. It also means that when you use, for example, Google Analytics or some ad provider, you do need to ask permission to place your cookies. Also, the law doesn't actually say anything about cookies; it talks about "storing information on the client computer". That also means that all other forms of cookies (Flash, HTML5 storage, etc.) are covered by that law.
On Sat, Jun 9, 2012 at 9:26 AM, Phil Weir roundcube@tehinterweb.co.uk wrote:
Hi,
An EU law requiring websites to obtain opt-in consent from website users before any non-essential cookies can be placed on their computer recently came into force in the UK. Roundcube uses cookies for things like remembering the position of the splitters on the mail screen. This isn't essential to the operation of the site and so consent must be sought from the user before these cookies can be saved on their computer.
I have created a very simple plugin which displays a banner to the user asking them if they wish to use cookies or not, and if they choose not then it disables the JavaScript cookie methods. It also adds a new option in the general settings page to allow the user to change their cookie settings any time they want.
This plugin blocks cookies created via JavaScript. The only JavaScript cookie not blocked by this plugin is the one created by googiespell, since that uses slightly different methods from the rest of RC. These are the only cookies in the RC core which appear to be non-essential. There is one session cookie created in the PHP as part of the security that is essential and so exempt from opt-in.
This is only a first go at a cookie opt-in system for RC and I'm sure it's not perfect; any feedback welcome. I am wondering if it might be better to simply give an "accept and close" option rather than the choice of accepting or blocking.
Phil
Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
On 11.06.2012 08:25, Peter Overtoom wrote:
The "Cookie Law" states that functional cookies are allowed at any time.
As I understand it, the rule is that cookies which are essential for the website to work. In Roundcube's case, cookies like the ones which store the position of the splitters on the mail, address book and settings screens are not essential for the website to work and so, strictly speaking, permission is required for these.
I decided that trying to make something which tries to disable these non-essential cookies is asking for trouble. Apart from the fact that googiespell and TinyMCE do cookies their own way, there are also plugins and other skins which might also write their own cookies. So a safer solution is just to tell the user that cookies are being created and ask them to acknowledge that they have seen the message by pressing accept. Then none of the behaviour of Roundcube needs to be changed in any way. The latest version of the plugin is here: https://github.com/JohnDoh/Roundcube-Plugin-Cookie-Opt-In
Phil
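
The coverage problem raised in this thread (googiespell, TinyMCE, plugins and skins writing cookies their own way) arises when only an application's own cookie helper is gated. As an added illustration, not code from the plugin or from Roundcube, the sketch below gates writes at `document.cookie` itself so that every script on the page goes through one consent check. The fake document, the helper names and all cookie names are constructed so that it runs outside a browser.

```javascript
// Constructed stand-in for a browser document: `cookie` is an inherited accessor.
function makeFakeDocument() {
  const jar = new Map();
  return Object.create({
    get cookie() { return [...jar].map(([k, v]) => `${k}=${v}`).join('; '); },
    set cookie(str) {
      const m = /^\s*([^=;]+)=([^;]*)/.exec(String(str));
      if (m) jar.set(m[1].trim(), m[2].trim());
    },
  });
}

// Walk the prototype chain to find the original accessor for `prop`.
function findAccessor(obj, prop) {
  for (let o = obj; o; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, prop);
    if (d) return d;
  }
  throw new Error(`no ${prop} accessor found`);
}

// Gate every cookie write on `doc` until hasConsent() is true; names in
// `essential` always pass. Returns the list of blocked names for auditing.
function installCookieGate(doc, { essential, hasConsent }) {
  const orig = findAccessor(doc, 'cookie');
  const blocked = [];
  Object.defineProperty(doc, 'cookie', {
    get() { return orig.get.call(doc); },
    set(str) {
      const name = String(str).split('=')[0].trim();
      if (hasConsent() || essential.includes(name)) orig.set.call(doc, str);
      else blocked.push(name);
    },
  });
  return blocked;
}

function demo() { // all cookie names below are constructed
  const doc = makeFakeDocument();
  let consent = false;
  const blocked = installCookieGate(doc, { essential: ['sessid'], hasConsent: () => consent });
  const appSetCookie = (n, v) => { doc.cookie = `${n}=${v}; path=/`; }; // app helper
  appSetCookie('sessid', 'abc');        // essential: stored
  appSetCookie('splitterpos', '250');   // non-essential: blocked
  doc.cookie = 'spell_lang=en; path=/'; // direct write by other code: blocked
  const before = doc.cookie;
  consent = true;                       // user accepts
  appSetCookie('splitterpos', '250');   // now stored
  return { before, after: doc.cookie, blocked };
}
```

Cookies set by the server in a `Set-Cookie` response header do not pass through `document.cookie`, and neither do other client-side stores such as HTML5 storage, which Peter's reply notes are covered by the same law.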