BetterPHP

The UK recently (within the past year) have implemented a new law to do with cookies, and declaring that you are using cookies.

An easy way to comply with this law is to setup an alert, saying you use cookies. However, this isn't useful or practical.

So we have come together and built a service which requires you only include a single line of JavaScript into your page, and it will do it for you.

If the user has previously agreed to cookies, then it will never show again (unless cookies get cleared, since we store this data via cookies), however if you say no, then you will be asked each and every time you come across this code.

The idea is that multiple websites will use the same code, which will then allow then to comply with the law, and not pester their users over and over again.

I know that myself, I am getting rather annoyed with seeing different messages on multiple websites, when I accept it once, it should allow me to accept on them all.

So, We have created that. And it is ready for testing, so I ask you to please go and visit our website, and try it out.

Any feedback will be greatly appreciated.

Thank you

http://cookiecommons.com

Seemsl ike a good idea.

EcazS wrote:Seemsl ike a good idea.

Thank you

The law is that the user has to agree to cookies from the specific website they have already agreed to cookies in general in their browser settings window. Also I think it only covers personal information, so if you just use the session id in the cookie you are still fine.

jacek wrote:The law is that the user has to agree to cookies from the specific website they have already agreed to cookies in general in their browser settings window. Also I think it only covers personal information, so if you just use the session id in the cookie you are still fine.

I believe this is correct, they only have to agree to use cookies if it's using personal information.
I am unclear about this though, since you're storing something on their computer they may have to agree to that also.

EcazS wrote:I believe this is correct, they only have to agree to use cookies if it's using personal information.

I honestly don't care that much a 32 character random string is not something everyone needs to know I'm storing.

From http://www.ico.gov.uk/for_organisations ... okies.aspx

Exemptions from the right to refuse a cookie

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

That covers the php session ID so I'm safe

This law is ridiculous anyway, everyone has a choice in their browser settings !

jacek wrote:From http://www.ico.gov.uk/for_organisations ... okies.aspx

Exemptions from the right to refuse a cookie

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.

That covers the php session ID so I'm safe

This law is ridiculous anyway, everyone has a choice in their browser settings !

Indeed it is. However, this script is a safe-haven to ensure that you comply.

if they refuse, you can still set cookies, sicne they have been warned, it just means they will see the warning every single time.

Also, please could you implement it anyway, for beta purposes?

Thanks.

bowersbros wrote:if they refuse, you can still set cookies, sicne they have been warned, it just means they will see the warning every single time.

Making the confirmation a bit pointless

bowersbros wrote:Also, please could you implement it anyway, for beta purposes?

I tested it locally and it seemed to work, not sure I like you adding a stylesheet to the body tag though since that makes the page invalid.

I still think the law says that the warning and confirmation has to be per-werbsite not just a general one ?

jacek wrote:

bowersbros wrote:if they refuse, you can still set cookies, sicne they have been warned, it just means they will see the warning every single time.

Making the confirmation a bit pointless

bowersbros wrote:Also, please could you implement it anyway, for beta purposes?

I tested it locally and it seemed to work, not sure I like you adding a stylesheet to the body tag though since that makes the page invalid.

I still think the law says that the warning and confirmation has to be per-werbsite not just a general one ?

It doesn't specify.

Also, We have changed it so it should be in the head tag, so try it again maybe?

Also, the law only states that they have to be told, not that they have to disable cookies if the person doesn't want it.

bowersbros wrote:Also, We have changed it so it should be in the head tag, so try it again maybe?

Still seems to work

jacek wrote:

bowersbros wrote:Also, We have changed it so it should be in the head tag, so try it again maybe?

Still seems to work

what do you mean by wokr?

are the link tags in the head or body for you?

The head now And I mean I got the box appearing

jacek wrote:The head now And I mean I got the box appearing

Ah good

It is for a hackathon. Hope people like it.

A whitelist of themes would not hurt http://cookiecommons.com/cc.js?template ... HHHHHHHHHH

jacek wrote:A whitelist of themes would not hurt http://cookiecommons.com/cc.js?template ... HHHHHHHHHH

The white list is on the website, click advanced and click a button, and we generate the code for you.

bowersbros wrote:The white list is on the website, click advanced and click a button, and we generate the code for you.

But I can still mess with the script there. See the link

That just makes the script do nothing. Which if you edit it manually, to a value that isn't set, is sort of to be expected.

What return were you expecting by adding an invalid template?
A default colour?

bowersbros wrote:What return were you expecting by adding an invalid template?
A default colour?

That's what I would have it do

jacek wrote:

bowersbros wrote:What return were you expecting by adding an invalid template?
A default colour?

That's what I would have it do

Okay, i'll get it to default to gray later then.

Our idea behind not doing that, was that if somebody manually changes the template, then if it fucks up, its their fault.

Since our website generates the code needed for each colour depending on which you choose; any alteration on that is a colour that doesn't exist for our system currently.

bowersbros wrote:Our idea behind not doing that, was that if somebody manually changes the template, then if it fucks up, its their fault.

True, but looking from the point of someone trying to exploit the system. Finding that they can enter any value in the theme field might make them dig deeper instead of giving up.