Is it possible to operate Kirby in such a way that no cookies are set for page visitors? I want to run my installation in such a way that the cookie function is only used for the panel. I am very concerned that with the entry into force of the new EU regulation, a cookie operation with kirby could become a problem.
Kirby shouldn’t be setting any cookies if no session is started. And that only happens in the Panel by default.
Also, required cookies (meaning: cookies used for sessions and login purposes) are not subject of the EU regulation, only tracking cookies (I’m not a lawyer and this is no legal advice, but might be a good starting point).
I can’t reproduce this. Are you using a fresh StarterKit without any plugins? Have you made sure to remove Panel cookies before loading the start page? What Kirby version are you using?
No, I dont have a multi language setup as showing here: https://getkirby.com/docs/languages/setup
The only locale related options are
c::set('date.handler', 'strftime'); c::set('timezone','Europe/Berlin'); c::set('setlocale','de_DE.UTF8'); setlocale(LC_ALL, 'de_DE');
Toolkit Version: 2.4.1
Kirby Version: 2.4.1
Panel Version: 2.4.1
If I login at the panel, kirby adds another cookie.
I use the following plugins:
- image-shrink (https://github.com/schnti/kirby-image-shrink)
- comments (https://github.com/Addpixel/KirbyComments)
- embed (https://github.com/distantnative/embed)
- textarea (https://github.com/medienbaecker/kirby-enhanced-textarea/tree/autocomplete)
- Webmentions (https://github.com/sebsel/seblog-kirby-webmentions/)
Only webmentions and feed works already on the start page.
I just downloaded a 2.4.1 Starterkit and yes, it starts a session. I thought that issue had been removed earlier, at least accordion to GitHub. Any chance to update to a newer version?
Made an update now to version 2.5.9 on a test system. Overwritten the old folders “kirby” and “panel” with the new ones. Deleted all cookies via “Developer Tools” of Firefox.
No changes. The system sets still a cookie called “kirby_session”. Same behaviour on icognito mode of Firefox.
Could you please try again with a fresh starterkit of 2.5.9 without any modifications? Because the Kirby website (which runs on Kirby 2.5.9 at the moment) as well as other sites I have tested don’t have this issue.
Quick Feedback: I made a new setup under http://fresh.libralop.de/. The fresh system does not set cookies. Later on, I will install my plugins step by step and configure the necessary localization in config.php. Stay tuned.
The setting of cookies seems to be caused by a file in the old (kirby 2.4.1) folders “content”, “snippets” or “templates”. Since I didn’t delete them during yesterday’s update, the new “panel” and “site” folders (kirby 2.5.9) couldn’t take effect either.
Apparently they call a function that sets cookies. This must be one of the core functions of kirby, because the snippets and templates adhere closely to the documentation at https://getkirby.com/docs.
However. I will now set up my site again and observe exactly where the cookies creep in. I then report back here in the forum, either with a find or the message that everything works like magic without cookies.
First of all, I have to apologize. The reason for my problem was myself. (Off topic: Seems to be the story of my life.) I have added code to my header snippet that provides logged in users some additional informations.
<?php if($user = $site->user()): ?> <!-- show some yadda yadda --> <?php endif ?>
The unexpected cookies crept in with “$site->user ()”, a function that returns “the currently logged in $user object” (https://getkirby.com/docs/cheatsheet/site/user). This was finally the only, but for me very inconspicuous deviation from the standard code.
This also explains why an update to the new version did not change anything. The header file was simply never touched.
Thanks to the staff for your patience!
No issue at all, thanks for getting back!