Cookies accept or decline Bar

[pctecmech]

To comply with the new cookie's rules I have Added a "Cookies Policy" to my sites but I need to add a bar to either the top or the bottom of the page to allow visitor to accept or decline cookie.

Any help will be appreciated

[keyboard]

the new cookie's rules

What new cookies rule?

[bernie1227]

What new cookies rule?

At a guess, I'd say that there's one about having to have the person browsing accept or decline the cookie. No idea why though

[pctecmech]

From May 2011 a new privacy law came into effect across the EU. The law requires that websites ask visitors for consent to use most web cookies.

[ApacheTech]

From the ICO's video in that report, the fact that a user has cookies enabled in their browser is "implied consent" enough that you need not worry too much about the law.

A suitable option would be a paragraph in your "About Us" or "Contact Us" pages that explains that the site uses cookies.

Sample:

Cookie Policy:

This website uses cookies to streamline and personalise your experience with us. In order to comply with European Law, we need to make you aware of this. We do not store any confidential information about you or your usage of the site within any cookies and any information we do hold is protected, as usual, under the DPA. If you have any concerns about our cookie policy, please contact us at webmaster@company.com. You can review the guidelines on cookie usage at http://www.ico.gov.uk/for_organisati...e/cookies.aspx. If you do not wish cookies to be stored within your browser, please disable this option within your browser's settings.

[bernie1227]

From the ICO's video in that report, the fact that a user has cookies enabled in their browser is "implied consent" enough that you need not worry too much about the law.

A suitable option would be a paragraph in your "About Us" or "Contact Us" pages that explains that the site uses cookies.

Sample:

Cookies are what make the web go round in my opinion, so if users started declining cookies which they had no idea what they do, they'll most likely start complaining that the site doesn't work, So I agree with apache that it would be simpler just to tell the user that the site uses cookies and to take it or leave it.
But if you really wanted accept or decline buttons, you could just go something like:
(JavaScript)

Code:

function acceptCookie() 
{
//write the cookie
}

(HTML)

Code:

<button onclick="acceptCookie()">

Bernie

[ApacheTech]

Cookies are useful for anonymous users.

They mean that user settings can persist through sessions. But on sites where users can log in, cookies are less needed.

In the age of SocialConnect and OpenID, cookies will become less needed as these Connect enabled sites allow for fast and simple registration to sites. Once the user is logged in, the database engine can kick in and personalise the site as cookies once did. SessionID cookies and other similar uses will not be affected.

I think, after reading through the legislation, that I'm actually in favour of this change. Placing a paragraph such as above somewhere on the site (not in a privacy policy) is acceptable enough to comply and it's hardly any trouble. Personally I hope things like robots.txt and humans.txt follow suit.

Let's face it, just like robots.txt, malicious sites will simply ignore the rules. Net Neutrality will always win out, thankfully, but this brings a certain level of standardisation that is needed to push forward the new technologies. Cookies have long been used to do what, realistically should have been handled by a simple database driven site.

It's kind of like the question of whether we should continue to support IE 6, 7 and 8 or whether we should take that particular horse out to pasture and shoot it in the face. Net Neutrality needs to be protected at all costs, but the internet does need to move forwards. That's my tuppence on it anyway.

[bernie1227]

Cookies are useful for anonymous users.

They mean that user settings can persist through sessions. But on sites where users can log in, cookies are less needed.

In the age of SocialConnect and OpenID, cookies will become less needed as these Connect enabled sites allow for fast and simple registration to sites. Once the user is logged in, the database engine can kick in and personalise the site as cookies once did. SessionID cookies and other similar uses will not be affected.

I think, after reading through the legislation, that I'm actually in favour of this change. Placing a paragraph such as above somewhere on the site (not in a privacy policy) is acceptable enough to comply and it's hardly any trouble. Personally I hope things like robots.txt and humans.txt follow suit.

Let's face it, just like robots.txt, malicious sites will simply ignore the rules. Net Neutrality will always win out, thankfully, but this brings a certain level of standardisation that is needed to push forward the new technologies. Cookies have long been used to do what, realistically should have been handled by a simple database driven site.

It's kind of like the question of whether we should continue to support IE 6, 7 and 8 or whether we should take that particular horse out to pasture and shoot it in the face. Net Neutrality needs to be protected at all costs, but the internet does need to move forwards. That's my tuppence on it anyway.

Quite true apache, but one must wonder, whether this kind of legislative change, artificially pushing progress will be brought in by other countries rather than just the eu.

[ApacheTech]

The EU is hardly a country. This law is currently in act for 27 countries, spearheaded by the UK.

I admit that it will make the WebDev community think harder about how they code their sites, but is that really a bad thing?

The problem with cookies is that it relies on the end-user having some technical knowledge. To most internet users, cookies are things you buy from supermarkets and eat five at a time even though you only meant to have one. Cookies in internet terms can be used for good, or bad and both methods use the same techniques.

There is currently no way, other than a seriously paranoid anti-malware program or simply disabling cookies to stop those tracking cookies that perform the malicious acts. This act will go some way towards coming to a stage where those cookies can be kept to a minimum, by punishing those that abuse the system. Something like that will not lead to a lack of net neutrality, nor lead to any privatisation of the internet.

If we, as the WebDev Community, can form a de facto standard on what should and should not be cookied, we can help further the cause. Realistically, only truly anonymous sites need to rely on cookies. Anything that uses a database engine or any form of user authentication can transpose a lot of what their cookies hold into the database. Even an anonymous site that uses any form of OpenID or SocialConnect can use a backend database to do a lot of what cookies do now. Admittedly, it;s only now that databases have become stable and compact enough to use as an engine for a site that this is possible.

Cookie audits should become a part of every company's standard maintenance of their website. It should be part of the regular Systems Analysis that goes into the running of the company. Anything that doesn't essentially rely on cookies should be handled by the back end of the site. This is the same for intranets as well. Intranets shouldn't really have any need for cookies but they have been used for a long time as a shortcut or jury rig for jobs that should really be handled elsewhere.

[bernie1227]

The EU is hardly a country. This law is currently in act for 27 countries, spearheaded by the UK.

I admit that it will make the WebDev community think harder about how they code their sites, but is that really a bad thing?

The problem with cookies is that it relies on the end-user having some technical knowledge. To most internet users, cookies are things you buy from supermarkets and eat five at a time even though you only meant to have one. Cookies in internet terms can be used for good, or bad and both methods use the same techniques.

There is currently no way, other than a seriously paranoid anti-malware program or simply disabling cookies to stop those tracking cookies that perform the malicious acts. This act will go some way towards coming to a stage where those cookies can be kept to a minimum, by punishing those that abuse the system. Something like that will not lead to a lack of net neutrality, nor lead to any privatisation of the internet.

If we, as the WebDev Community, can form a de facto standard on what should and should not be cookied, we can help further the cause. Realistically, only truly anonymous sites need to rely on cookies. Anything that uses a database engine or any form of user authentication can transpose a lot of what their cookies hold into the database. Even an anonymous site that uses any form of OpenID or SocialConnect can use a backend database to do a lot of what cookies do now. Admittedly, it;s only now that databases have become stable and compact enough to use as an engine for a site that this is possible.

Cookie audits should become a part of every company's standard maintenance of their website. It should be part of the regular Systems Analysis that goes into the running of the company. Anything that doesn't essentially rely on cookies should be handled by the back end of the site. This is the same for intranets as well. Intranets shouldn't really have any need for cookies but they have been used for a long time as a shortcut or jury rig for jobs that should really be handled elsewhere.

Yes apache, I know what the eu is, and have been there multiple times.
A a thought, a standard could be brought in about the use of cookies, web wide. However, statistics show that over 50% of websites use cookies, and with over 7 billion websites currently, a lot of website owners may not be so keen to give up their cookies to go and get rid of them in order to make their website nice and neat for people like us to admire, just as many people may not want to go to the hassle of validating their pages just to please people like us.
Bernie