Don't use session for multilang because of EU regulations

Kirby 2 Suggestions šŸ’”
21

Is it worth adding a feature request for a config option?

c::set('language.cookie', false) => No cookie for example

1 Like
22

I would appreciate a solution to get 100% cookie free and multi-lingual at the same time. :+1:

1 Like
23

I did my first PR on Kirby :smiley:
Hopefully I didnā€™t get this wrongā€¦

24

I think it would probably make more sense to check if site is multi-lang first, and then check for that option?

25

Sounds right. Or maybe in the same if statement?
if($this->site()->multilang() && $language = $this->site()->language() && c::get('language.cookie'))

As I mentioned in the PR, it might be better to leave the cookie set as default with:
if($this->site()->multilang() && $language = $this->site()->language() && c::get('language.cookie', true))

26

The option should probably also be added to the defaults in kirby.php, then you would not need the default in your check, I guess.

27

Even better. Do we agree it should be left as true by default?

28

Yes, I think so (and some more characters).

30

This is now fixed on the dev branch.

1 Like
31

I just got a quick question that kinda fits here.

Is the session cookie really needed as soon as there is a login-form on the website?
Wouldnā€™t it be possible to only set the cookie as soon as the login form is used?

32

As far as I know, you donā€™t really have to nag your users for session cookies:

Cookies clearly exempt from consent according to the EU advisory body on data protection include:

  • userā€‘input cookies (session-id) such as firstā€‘party cookies to keep track of the userā€™s input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
  • authentication cookies, to identify the user once he has logged in, for the duration of a session
  • userā€‘centric security cookies, used to detect authentication abuses, for a limited persistent duration
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
  • loadā€‘balancing cookies, for the duration of session
  • userā€‘interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
  • thirdā€‘party social plugā€‘in contentā€‘sharing cookies, for loggedā€‘in members of a social network.

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

And after clicking on that link, open your JS Console and write document.cookie and look at that cookie the EU website just stored on your computer without asking. :wink:
(Mine contained information about my referer - clearly an information needed for no technical reason, but for trackingā€¦)

2 Likes