Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...advice for cookies on DNNadvice for cookies on DNN
Previous
 
Next
New Post
5/25/2011 6:03 AM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
AFAIK, the EU directive is not very clear about the cookies it refers to - whether it is for tracking cookies (used across multiple sites) only or covers session cookies as well (which seems to be the ICO cookie), which would affect millions of web sites.
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
5/25/2011 6:54 AM
 
Resource Group Ltd

Joined: 10/16/2007
Posts: 9
Thanks for the replies. This is why I was questioning DNN installs. I've een asked to find out if DNN can cater for this, if there's patch expected later on or a third party module should be installed if available or if we should create our own etc.

The details are a little fuzzy, paragraph 2 of the document states "It is aimed at those organisations which are starting to think about how they will comply with the new rules.". If we're not thinking about it, can we just continue as we are? OK that probably too literal....

what is concerning is the part that discusses language selection - "For example, some websites ‘remember’ which version a user wants to access such as version of a site in a particular language. If this feature is enabled by the storage of a cookie, then you could explain this to the user and that it will mean you won’t ask them every time they visit the site. You can explain to them that by allowing you to remember their choice they are giving you consent to set the cookie." If the message is shown in the site's default language that the visitor does not understand, DNN will be setting a cookie to change the language, only for them to decide they don't want to accept cookies.

If it really is session cookies they're referring to, then yes, millions of site will be affected and given the fact that these details have not really been "advertised" are we worrying unnecessarily?

Because of the details a sketchy, it hard to know if or how we comply with the new rules!
 
New Post
5/25/2011 7:40 AM
 
MH


Joined: 5/17/2011
Posts: 19
Sebastian Leupold wrote:
AFAIK, the EU directive is not very clear about the cookies it refers to - whether it is for tracking cookies (used across multiple sites) only or covers session cookies as well (which seems to be the ICO cookie), which would affect millions of web sites.

Looking through all the documentation I've found (including that provided by the UK's ICO) I cannot find anywhere that states that session cookies are exempt.  To quote the ICO document (which, I believe, is quoting the EU directive):-

"6 (1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment--
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
“(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information--
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user"

a session cookie is still stored on and accessed from the computer, even if only on a temporary basis so I can see no reason why it should be exempt - indeed, if session cookies were exempt I could see someone getting clever and bypassing the law, somehow, with session cookies.  However there may be some sort of exemption under 4b if they are purely used to log a user into a site.  The real killer is if you use the google analytics module in conjuction with these as this is now tracking activity rather than just enabling a logged in session.

Looking on the ICO website there is an e-mail address where you can query legislation so I have sent a query regarding the status of session cookies and also, if they are exempt, whether they remain exempt if you then use them for more than just "user is logged in" purposes - e.g. for storing preferences on the server side session object, etc.  I will report back when/if I hear more.

Looking at my cookies from this site there do seem to be persistent (albeit with expiry dates) cookies set, such as "portalroles" and "portalaliasid" and these would be covered, even if they were already set before the law came in (obviously, unless otherwise exempt, but I can't see why these would be exempt) so it looks like DNN needs to comply if it is to be usable in the EU, unless there is this unlikely exemption of session cookies and you can configure DNN to only use session cookies (can you do this?).  From the compliance side, the ICO site does say that it will (I'm guessing, unless people are being really abusing cookie usage) give companies a year to comply, so there should be sufficient time to add this facility.
 
New Post
5/26/2011 4:14 AM
 
Resource Group Ltd

Joined: 10/16/2007
Posts: 9
http://www.theregister.co.uk/2011/05/25/european_commission_cookies_directive/

I'm told that the UK have now officially agreed to the directive.
 
New Post
5/26/2011 4:40 PM
 
Ian Marlow


www.royal-southern.co.uk/
Joined: 2/20/2006
Posts: 876
Also from the register today explaining that so far all member states have failed to meet their own deadline ( surprise surprise ).
http://www.theregister.co.uk/2011/05/...

I wonder if this will pan out like the Disability and Discrimination act ( that obliges all website to provide accessibility features such as text size controls)
by which I mean another bit of law made by people who do not understand the subject, have no idea of how to actually implement and scant resources to enforce?

Right now this is not on my worry list at all and, given all the data mining taking place on many peoples online "profile" data by "non-evil" and "probably evil" companies, it seems to me that this cookie legislation is a bit like a using a band-aid to patch a leak on the Titanic.

Sigh!

Ian


Mutate and Survive
 
 Page 2 of 4
Previous1234Next 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...advice for cookies on DNNadvice for cookies on DNN


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out