EU cookies law

I’m trying somewhat belatedly to implement the EU cookies law in a simple way. Each page has the code

if ( !isset($_COOKIE['pcookie']) ) {
 echo '<div id="cookies">This website uses cookies to help make it more useful and reliable. Continued use of the site indicates that you accept this policy. <a href="cookie-off.php">Don&#8217;t show this message again.</a></div>';

and my cookie-off.php is:

setcookie('pcookie', 'accepted', time()*86400*365);
header('Location: '.$back);

It works but only if I click the link about a dozen times. Is there I can do about this?

I don’t like any of these cookie boxes that open. Instead I use an area (Named cookiejar :)) That has one button, clicking it will make it go yellow allowing cookies to be set and when cookies are created they are added to the cookie jar. Each cookie can be read by the user, and I will try and make them as obvious to what they are as possible. Each cookie can be unset individually, or by unsetting “remember=yes” will delete all cookies. Any action that requires cookies (wide mode in my site), will alert the user first to let them know that function requires cookies. Have a look at the site in my sig to see how it works.

I’ve only been using the method since this EU directive was about a year old, and I’m hoping it will fit in with future developments. But I like it, and think it fulfills the objective well enough without being too intrusive to the design of the site.

As for your particular problem, have you seen the output for time()86400365? I don’t think it’s a valid date for cookies

Thanks Markdidj. Oops, that should be a +! time()+(86400*365). I think the law is an ass and am looking for the simplest way of complying.

I definately agree with you there gandalf. I already have prompt on cookie settings in my browser, and now I’ve got to do it again for the site! Daft to say the least!!

global include: uk_comply.php

if(!isset($_COOKIE['ukcomply']) && !isset($_GET['ukcomply']) {
   echo "You must blah de blah..."
   echo "<a href='".$_SERVER['PHP_SELF']."?ukcomply=1'>Click Here</a>";
setcookie('ukcomply',1,strtotime('+1 year'));

Thanks StarLion. That looks simpler. I’ll give that a go…

The UK seems to have have change its stance a bit at the last moment and if you look a lot of sites say something to the effect “This site uses cookies and if you procede you have accepted there use”.
I am not sure how legal this is as by the time you have read it cookies have already been set!

I have not checked lately but after the cookie law came in they were setting 15 cookies as soon as you landed on one of their pages. Supposedly shopping sites are allowed to use cookies as they are essential to the sites use but 15 seems a bit over the top for me and this was before you even logged in.

You could always use this code:

Another site that fails with errors when I block cookies at browser level. So many do it?!?!

The trouble with this is I get Warning: Cannot modify header information - headers already sent…

I don’t see a header() in that code?

[ot]From the ICO cookie guidance:

For example, some websites ‘remember’ which version a user wants to access such as a version of a site in a particular language. If this feature is enabled by the storage of a cookie, then you could explain this to the user and that it will mean you won’t ask them every time they visit the site. You can explain to them that by allowing you to remember their choice they are giving you consent to set the cookie. Agreement for the cookie could therefore be seamlessly integrated with the choice the user is already making.

Really, how ridiculous can a law be! Of course, offering multilingual websites is just a sneaky way to collect sensitive prefered language info from our visitors…
A while ago I read about how cookies needed for the functioning of the website would be excluded from the consent rule, but apparantly not.[/ot]

I don’t see a header() in that code?

No but the code is included in all pages on the site and setcookie() tries to modify the headers.

I know you wanted technical advice but you don’t need to do any of this, just place a link to your privacy policy on your page and make sure you cover cookies in there:

Things might be different for the OP Richard as he is based in Italy and not the UK. The implimentation of the law may not be the same there as it is in the UK.

So insert that code into whatever header-sender you already have, before you start any ouptut.

Point taken but they are even more relaxed about it than the UK:

Thanks guys. I initially want to do this for a UK website although possibly others later.

I’m not sure at what point an HTML page send the headers so I’ll just play…

HTML creates the headers as soon as something is sent to the screen. In server-side code Cookies are added to the headers, and headers must come before content. You cannot echo, print, write etc and then set headers

the simple answer is “As soon as your script hits something that either outputs, or any unencapsulated space”.

If there’s a blank line at the top of your page, if there’s a space before the < in <?php, headers get sent because the PHP engine sees that as HTML content.

Or if there’s an include with a blank line after the closing ?> tag (which is why it is recommended not to use the ?> closing tag at the end of your php files).

Many thanks guys for your advice. Much appreciated!