Welcome to WebmasterWorld Guest from 3.227.3.146

Forum Moderators: phranque

Message Too Old, No Replies

Cookie Policies to consider Sessions?

     
1:23 pm on Jun 23, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:June 26, 2008
posts:178
votes: 0


Hey Folks,

So we're writing our cookie policy and I was wondering; do we mention sessions?

For example:

We store this cookie and this cookie and these sessions...

Simple question - it would be great to shed some light on this.

Thanks in advance,
Tom.
2:27 pm on June 23, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 413


No, because they "sessions" are on the server ..not on the visitors machine.."cookies" are on the visitors machine..
4:54 pm on June 23, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Yes but most sessions - specifically, PHP sessions - maintain the connection to the user's computer via the PHPSESSID cookie anyway, unless your server and scripts are configured to default to query strings if a cookie can't be set. For many sites, no cookies - no PHP session control.

I don't see a problem with complete disclosure, mentioning that session data is automatically deleted after 25 minutes of activity (I think that's the default, for PHP.)
5:11 pm on June 23, 2011 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:7139
votes: 413


I don't see a problem with complete disclosure

I'd agree , except by now most "average" people hear read "cookies" ..and get scared or suspicious ..or both ..they tend ( because of abuse by some sites and search engines, and some very bad explanations and scare reporting by so called tech reporters in MSM ) to equate cookies with virus IME.

My advice would be if you are going to go for "complete disclosure", mention sessions if you use them ..but telling them that you may use cookies to set them, will just scare them twice as much...

I know its a fudge ..but by now people ( including lawmakers ) tend to think "cookies" can steal souls.
9:57 am on June 24, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:June 26, 2008
posts:178
votes: 0


Thanks for the feedback guys.

This cookie policy is driving me up the wall.

What a load of rubbish! It's frustrating that we need to activly prompt the user to accept cookies.

In my opinion that just creates a bad user experience.

Again, thanks guys!
5:09 pm on June 24, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Well, the way to handle that is to accept the responsibility for making it work **with or without** cookies (or Javascript.) See the previous for how you do that - PHP has this functionality inherent in it's framework. In other languages the functionality is the same - you try to set a cookie, if you can't, you carry a session ID via query strings and hidden post field values. Along with this is a constant notification to the user - "please note your usage of this site will be enhanced if you accept cookies. They are really low cal and delicious - we promise!"
11:02 am on June 29, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:June 26, 2008
posts:178
votes: 0


Haha, the website will work without cookies. Our cookies remember the users language preference.

Without cookies, on each visit, they get the countries native language. And if they're on business, which is likely with us being B2B, then they may be a Brit in Germany, for example.

But yes - sound advice - thank you.
4:51 pm on June 29, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Our cookies remember the users language preference.


Huh? The site may be remembering the user agent by IP?

Try clearing all cookies for yourdmainname.com in your browser. Disable cookies, then create a new account. A "workaround" I use for this is to enter the site in a browser I've never used on the site before - "clean entry." :-) This will tell you how well it works without cookies. Same for JS.
2:56 pm on July 1, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:June 26, 2008
posts:178
votes: 0


Nooo no, we pin them down to a geological location with their IP. We then save their native language as their preference in a cookie. If they change their language, it's remembered with said cookie...