Features / Usability


cookies in TikiWiki

posts: 12

Hello All,
I'm new here and just setting up a testing page. I tried to avoid cookies for anonymous visitors, consent..., so I activated silent sessions.
I'm trying to set up a Tiki page https://www.slowbridges.de/18.x/tiki-index.php, and turned silent sessions on to avoid setting cookies for anonymous. Anyways, 4 cookies are distributed: javascript_enabled, local_tz, PHPSESSIDCV, PHPSESSID. This was reproducible in all cases for the javascript_enabled cookie in Chromium and Firefox.

Any ideas why they are set/how to deactivate them?

Thanks in advance
Tobi

posts: 38 France
  • PHPSESSID is set by PHP, not by Tiki.
    You can change the name of PHPSESSID in tiki-admin.php?page=general#contentadmin_general-2
  • PHPSESSIDCV is added by Tiki in tiki-setup_base.php as "extra_validation" against session collisions.
  • local_tz is for local timezone in case dates need to be displayed in the timezone of the viewer.
  • javascript_enabled is Tiki's attempt at figuring out if javascript is enabled, so as to provide HTML/CSS-only fallbacks of stuff which normally requires javascript (menus, etc). It's kind of obsolete because so many new useful things coming from third-party packages don't have any html/css fallbacks. And there is little motivation for customers to finance developing less functional variants of features. So it's not 100% usable with javascript any more.


That's all I know

posts: 210
Jean-Marc Libs wrote:
  • PHPSESSID is set by PHP, not by Tiki.
    You can change the name of PHPSESSID in tiki-admin.php?page=general#contentadmin_general-2
  • PHPSESSIDCV is added by Tiki in tiki-setup_base.php as "extra_validation" against session collisions.
  • local_tz is for local timezone in case dates need to be displayed in the timezone of the viewer.
  • javascript_enabled is Tiki's attempt at figuring out if javascript is enabled, so as to provide HTML/CSS-only fallbacks of stuff which normally requires javascript (menus, etc). It's kind of obsolete because so many new useful things coming from third-party packages don't have any html/css fallbacks. And there is little motivation for customers to finance developing less functional variants of features. So it's not 100% usable with javascript any more.


That's all I know


Little motivation? IMHO the law (!) should be motivation enough. Setting cookies without prior express consent by the user is a violation of the GDPR. Also, there is a court ruling of EuGH that led to the entire cookie thing becoming Opt-In only (Google "Planet49"). It is also against the law to stipulate consent by displaying pre-set checkboxes. Checkboxes must not be pre-set, the user has to activate everything all by himself/herself. Dark patterns are also a violation of GDPR. If a user denies cookie consent, presentation of the website may become limited, but cookies must not be used without consent. None whatsoever.

Do not take the GDPR lightly. There are heavy fines against violations, up to a maximum of 20 million Euro or 4% of a year's turnover (not profit!), whichever is higher.


posts: 12

Hello Jean-Marc, thanks for the thorough answer. With these hints I'll try to find out how to avoid distributing the cookies.
And report back in case of success.
Tobi