EU cookies law

**gandalf458** · Aug 8, 2012 05:55

I'm trying somewhat belatedly to implement the EU cookies law in a simple way. Each page has the code

PHP Code:


if ( !isset($_COOKIE['pcookie']) ) {
 echo '<div id="cookies">This website uses cookies to help make it more useful and reliable. Continued use of the site indicates that you accept this policy. <a href="cookie-off.php">Don’t show this message again.</a></div>';
}>

and my cookie-off.php is:

PHP Code:


$back = $_SERVER['HTTP_REFERER'];
setcookie('pcookie', 'accepted', time()*86400*365);
header('Location: '.$back);

It works but only if I click the link about a dozen times. Is there I can do about this?

**Markdidj** · Aug 8, 2012 06:10

I don't like any of these cookie boxes that open. Instead I use an area (Named cookiejar

) That has one button, clicking it will make it go yellow allowing cookies to be set and when cookies are created they are added to the cookie jar. Each cookie can be read by the user, and I will try and make them as obvious to what they are as possible. Each cookie can be unset individually, or by unsetting "remember=yes" will delete all cookies. Any action that requires cookies (wide mode in my site), will alert the user first to let them know that function requires cookies. Have a look at the site in my sig to see how it works.

I've only been using the method since this EU directive was about a year old, and I'm hoping it will fit in with future developments. But I like it, and think it fulfills the objective well enough without being too intrusive to the design of the site.

As for your particular problem, have you seen the output for time()*86400*365? I don't think it's a valid date for cookies

**gandalf458** · Aug 8, 2012 06:39

Thanks Markdidj. Oops, that should be a +! time()+(86400*365). I think the law is an ass and am looking for the simplest way of complying.

**Markdidj** · Aug 8, 2012 06:41

Originally Posted by gandalf458

I think the law is an ass and am looking for the simplest way of complying.

I definately agree with you there gandalf. I already have prompt on cookie settings in my browser, and now I've got to do it again for the site! Daft to say the least!!

**StarLion** · Aug 8, 2012 09:52

global include: uk_comply.php

PHP Code:


if(!isset($_COOKIE['ukcomply']) && !isset($_GET['ukcomply']) {

   echo "You must blah de blah..."

   echo "<a href='".$_SERVER['PHP_SELF']."?ukcomply=1'>Click Here</a>";

  die();

}

setcookie('ukcomply',1,strtotime('+1 year'));

**gandalf458** · Aug 8, 2012 12:05

Thanks StarLion. That looks simpler. I'll give that a go...

**Rubble** · Aug 8, 2012 13:05

The UK seems to have have change its stance a bit at the last moment and if you look a lot of sites say something to the effect "This site uses cookies and if you procede you have accepted there use".
I am not sure how legal this is as by the time you have read it cookies have already been set!

I have not checked Amazon.co.uk lately but after the cookie law came in they were setting 15 cookies as soon as you landed on one of their pages. Supposedly shopping sites are allowed to use cookies as they are essential to the sites use but 15 seems a bit over the top for me and this was before you even logged in.

You could always use this code: https://github.com/michaelw90/cPrompt

**Markdidj** · Aug 8, 2012 13:27

Another site that fails with errors when I block cookies at browser level. So many do it?!?!

**gandalf458** · Aug 9, 2012 00:04

Originally Posted by StarLion

global include: uk_comply.php

PHP Code:


if(!isset($_COOKIE['ukcomply']) && !isset($_GET['ukcomply']) {
   echo "You must blah de blah..."
   echo "<a href='".$_SERVER['PHP_SELF']."?ukcomply=1'>Click Here</a>";
  die();
}
setcookie('ukcomply',1,strtotime('+1 year'));

The trouble with this is I get Warning: Cannot modify header information - headers already sent...

**guido2004** · Aug 9, 2012 00:49

Originally Posted by gandalf458

The trouble with this is I get Warning: Cannot modify header information - headers already sent...

I don't see a header() in that code?

Off Topic:

From the ICO cookie guidance:

For example, some websites ‘remember’ which version a user wants to access such as a version of a site in a particular language. If this feature is enabled by the storage of a cookie, then you could explain this to the user and that it will mean you won’t ask them every time they visit the site. You can explain to them that by allowing you to remember their choice they are giving you consent to set the cookie. Agreement for the cookie could therefore be seamlessly integrated with the choice the user is already making.

Really, how ridiculous can a law be! Of course, offering multilingual websites is just a sneaky way to collect sensitive prefered language info from our visitors...
A while ago I read about how cookies needed for the functioning of the website would be excluded from the consent rule, but apparantly not.

**gandalf458** · Aug 9, 2012 01:02

I don't see a header() in that code?

No but the code is included in all pages on the site and setcookie() tries to modify the headers.

**RichardAskew** · Aug 9, 2012 01:56

I know you wanted technical advice but you don't need to do any of this, just place a link to your privacy policy on your page and make sure you cover cookies in there:

http://www.andygambles.com/the-4-ste...ew-cookie-law/

**Rubble** · Aug 9, 2012 02:30

Things might be different for the OP Richard as he is based in Italy and not the UK. The implimentation of the law may not be the same there as it is in the UK.

**StarLion** · Aug 9, 2012 03:04

So insert that code into whatever header-sender you already have, before you start any ouptut.

**RichardAskew** · Aug 9, 2012 03:43

Originally Posted by Rubble

Things might be different for the OP Richard as he is based in Italy and not the UK. The implimentation of the law may not be the same there as it is in the UK.

Point taken but they are even more relaxed about it than the UK: http://globalsem.wordbank.com/global...ie-law-europe/

**gandalf458** · Aug 9, 2012 06:22

Thanks guys. I initially want to do this for a UK website although possibly others later.

I'm not sure at what point an HTML page send the headers so I'll just play...

**Markdidj** · Aug 9, 2012 06:53

HTML creates the headers as soon as something is sent to the screen. In server-side code Cookies are added to the headers, and headers must come before content. You cannot echo, print, write etc and then set headers

**StarLion** · Aug 9, 2012 08:33

the simple answer is "As soon as your script hits something that either outputs, or any unencapsulated space".

If there's a blank line at the top of your page, if there's a space before the < in <?php, headers get sent because the PHP engine sees that as HTML content.

**guido2004** · Aug 9, 2012 11:33

Or if there's an include with a blank line after the closing ?> tag (which is why it is recommended not to use the ?> closing tag at the end of your php files).

**gandalf458** · Aug 9, 2012 23:52

Many thanks guys for your advice. Much appreciated!

User Tag List

Thread: EU cookies law

Thread Tools

Display

EU cookies law

Bookmarks

Bookmarks

Posting Permissions