EU Cookie Law

briano_de_rhino · October 16, 2012, 11:08am

Hi guys,

I need to know how to detect all the cookies on my sites and identify them.

I went to Tools/Page Info and I have a firefox plugin for cookies. Which shows me only one cookie ( d4dad6935f632ac35975e3001dc7bbe8 ). I have no idea what this cookie is for.

I know the cookie law is pants but my workplace insist I comply with all laws so…

Many thanks,
Brian.

molona · October 16, 2012, 1:50pm

Just got to FF options > Privacy and you will see a link that reads “individual cookie deletion” or similar (I don’t know the exact wording because mine is not is English)

There you can see all cookies classfied in folders that represent the site.

briano_de_rhino · October 16, 2012, 3:53pm

Thanks!

Only one cookie and it is d4dad6935f632ac35975e3001dc7bbe8. Which means nothing to me. I googled it but I still cant figure out where its from or if its one of the functional cookies that the EU cookie law says you dont have to warn the user about.

SpacePhoenix · October 16, 2012, 4:10pm

Have a look where the server stores sessions, that cookie might be the one used for the session id

Mikl · October 16, 2012, 4:28pm

[FONT=verdana]Are you responsible for developing and maintaining the site? If so, then surely you know what cookies you are storing? You shouldn’t have to rely on your browser to tell you. If you’re not involved in maintaining the site, then you should ask the person who is.

In any case, using a browser tool or a plug-in to detect your cookies won’t help you comply with the law. It can only tell you what cookies are being stored. The important thing is how they are being used. Only someone who is involved with developing the site can know that.

Mike[/FONT]

briano_de_rhino · October 16, 2012, 5:20pm

I am new to web design (just finished an intensive one year course in html and css and tiny bit of JS) and maintain an existing site for work. The existing site was built with Joomla which I know nothing about and I thought we didnt use any cookies but upon using the browser to find out it says we use a cookie called d4dad6935f632ac35975e3001dc7bbe8 which isnt much use to me to know what the hell it is used for.

briano_de_rhino · October 16, 2012, 5:21pm

It says that the cookie expires when the session ends…

molona · October 16, 2012, 8:07pm

Then, when the session ends, the cookie is not valid any longer and it will be re-created in the next session when he visits that particular website. It looks that it is a session cookie

Mikl · October 17, 2012, 10:05am

[FONT=verdana]Whether or not this is a session cookie isn’t really relevant. The EU law applies equally to session cookies and persistent cookies.

What you have to decide is whether the cookie is essential for the operation of the site. If it is not, then you fall within the scope of the law and must obtain the visitor’s consent. (I know that’s an oversimplification, but you were asking for technical advice, not legal.)

Since you are using a third-party platform (Joomla), and since you have no control over what cookies that platform uses (now or in the future), it would be prudent to assume that the site does use non-essential cookies, and to proceed accordingly.

Mike[/FONT]

briano_de_rhino · October 17, 2012, 10:12am

Thanks for that Mike.

molona · October 17, 2012, 6:04pm

I don’t know the law in relation to cookies so I can’t say anything about it. I was simply trying to identify the cookie

Mikl · October 18, 2012, 8:09am

[FONT=verdana]

My apologies, Molona. I wasn’t implying any criticism. I just wanted to clarify the point for the benefit of the original questionner.

Mike
[/FONT]

EnderMB · October 18, 2012, 1:44pm

I’ve done a large number of audits for large-scale sites with tons of cookies and have found this to be the best resource for tackling the EU cookie directive for the UK. Much of it should apply to the rest of Europe, but be sure to check on your own countries implementations.

http://www.international-chamber.co.uk/components/com_wordpress/wp/wp-content/uploads/2012/04/icc_uk_cookie_guide.pdf

Frankly, it sucks, and it’s already proven to not affect the big players. I know a number of top sites (primarily profit-centre sites) that are outright refusing to comply because they feel the potential £250k fine is less than what they feel their marketing cookies are worth per year. Also, considering the likes of Santander (Bank) are unlawfully breaching customer security through horrendous security practices with not as much as a whimper from the ICO I doubt they’ve even bothered to check who is using cookies and who isn’t.

Mikl · October 18, 2012, 5:02pm

[FONT=verdana]

I doubt they’ve even bothered to check who is using cookies and who isn’t.

I’m sure you’re right. It’s not their normal practice to initiate checks themselves. What they do is respond to complaints from members of the public. The theory is that individuals who feel agrieved at not having the chance to consent to cookies will submit a formal complaint. We’ll see.

By the way, the above remark applies to the UK. The authorities in other countries might be more active in enforcing the law.

Mike[/FONT]