By Ollie Phillips, April 7, 2012
There's not much love for the new European laws on Cookies disclosure across the pond. Imagine how we feel about it over here in Europe, especially in the UK, where website owners need to be making adequate disclosure on their websites from 26th May 2012; that's next month!
Given the type of clients I work with, I've had to take the legislation a bit more seriously than most. First, by developing a javascript disclosure and opt-in solution, which was subsequently open-sourced in June last year, and latterly by developing an add-on/plugin for Concrete5, which has just been released.
The Concrete5 add-on benefits from the fact it runs server-side; it's nicer to configure than the javascript version and basically prevents any tracking scripts, which you might have pasted into the tracking codes section of the Concrete5 dashboard, from running until cookies have been opted-in-to; as long as you paste them into this add-ons dashboard interface instead. On top of that it allows a disclosure to be made about how cookies are used and provides a link to the site's privacy policy. That's all. But that's further than some other content management systems appear to be.
But, and it's a big but. Cookies are everywhere, they're as much a part of the web as html and http. This add-on controls tracking scripts it knows about, but there are a growing number of add-ons out there that all utilise some javascript which probably sets a cookie. I'm thinking 'tweet this' buttons, 'like' buttons, and 'add-this' style social sharing implementations. My disclosure add-on has no control over those scripts, many of which need to be controlled and disclosed. In-fact, the best it can do is disclose them.
But, this morning I put together the final piece of the jigsaw; a simple PHP class that could be used as the basis for an opt-in test by developers in their own add-ons. It's easy to implement, and could provide a simple wrapper for php calls that include cookie setting javascript in the page as in the following example.
Filename: Example Implementation
<?php
public function on_before_render() {
loader::library('cookiesOptIn');
$coi = new cookiesOptIn();
if($coi->canSetCookies()) {
## Your add-on inserts its cookie setting javascripts
## For example
$html = loader::helper('html');
$this->addHeaderItem($html->javascript('iSetCookies.js'));
}
}
?>
The php class, performs three tests.
1) Is the cookies disclosure add-on installed?
2) Is it enabled, i.e making a disclosure?
3) Does the opt-in cookie, which is set once visitor has agreed to cookies, exist?
The class itself is below.
Filename: cookiesOptIn.php
<?php
defined('C5_EXECUTE') or die(_("Access Denied."));
class cookiesOptIn() {
public function canSetCookies() {
/**
* Simple test for cookies disclosure add-on and acceptance status
*
* @return Bool True or False
*
*/
## Is Formigo Cookie Disclosure installed and enabled
if($this->isInstalledActive()) {
## It is installed and enabled check the status of the acceptance Cookie
if($_COOKIE['cookiesDirective']){
## Cookies have been accepted
return True;
} else {
## Opt-in has not been obtained
return False;
}
} else {
## Not installed or not enabled, we can set cookies
return True;
}
}
private function isInstalledActive() {
Loader::Model("package");
$pkg = Package::getByHandle('formigo_cookies_disclosure');
if($pkg) {
## It is installed, is it enabled?
$config = new Config();
$config->setPackageObject($pkg);
$enabled = $config->get('scriptenable');
if($enabled) {
return True;
} else {
return False;
}
} else {
return False;
}
}
}
?>
If you're a Concrete5 developer, especially if you're looking to market your add-ons in Europe and the UK, Cookies disclosure looks to be here to stay. You might consider the above approach which will certainly help us Europeans out when using your add-ons.
Hey, and don't shoot the messenger - I didn't make this crazy legislation up.
blog comments powered by Disqus
Social Media
We do the social thing too, connect with us