XF 2.0 How can I disable all cookies on XenForo?

Disabling cookies is a part of the GDPR. The User must have the opinion to disable the cookies. The best way is opt-in or opt-out..
If XenForo doesn‘t run without cookies is not interesting for the goverment. This is what they said in Germany..
 
Something people are overlooking is that the cookie portion of GDPR is for cookies that contain personal information. The cookies written by XenForo itself do not contain personal information. They are cookies needed for the security and operation of the software.

For example, the CSRF cookie is a security token to prevent Cross Site Request Forgeries (basically where another site can modify what you do and make it look like it came from you). Without that cookie any dynamically generated web site (which XenForo is) has opened a huge security hole for the user themselves, not the software. That cookie has no meaning to any other software and is useless for anything other than XenForo itself.

And the fact that the law was written in such general terms doesn't help matters. It leaves too much open for interpretation by member countries where the people interpreting it may not have a clue about how web sites operate.
 
Last edited:
How does disabling cookies help at all when all you need do is explain whta they are for?

fb3cb66abd9cdaded0f07d68dbc35b92.jpg
 
There is no need to disable XenForo cookies. You don't even have to ask for consent.

All you have to do is to have a privacy policy and declare that you are using cookies and why you need them. I think this is covered in the default privacy policy XenForo provides in the most recent version.

@mcatze: This is true even in Germany. ;)
 
There is no need to disable XenForo cookies. You don't even have to ask for consent.

All you have to do is to have a privacy policy and declare that you are using cookies and why you need them. I think this is covered in the default privacy policy XenForo provides in the most recent version.

@mcatze: This is true even in Germany. ;)
It is not as easy as you think. There‘re too many different declarations how you should handle the cookies. The TMG §5 make it easy, but the gdpr said something else.
 
It is not as easy as you think. There‘re too many different declarations how you should handle the cookies. The TMG §5 make it easy, but the gdpr said something else.
Completely agree. I think some people are trying to oversimplify things to avoid complicating their lives....but guess what? The regulators don't care how you interpret the law, is how they do.

I guess those who are looking for an "easy way" have not come across the chapter of GDPR defining the fines coming your way for getting "creative" with the implementation ;)
 
Exactly, IF you have their consent.


But if they choose not to, according to GDPR you MUST provide them with an option to use your site without any tracking or storing of data. So from a GDPR point of view, if you don't, you are non-complaint and a candidate to huge fines.
 
Yes, all the cookies that come packaged with the software are for functionality. Now if you use some code from somewhere or an addon to add additional cookies for some reason, then it is up to you as the website owner to ensure they comply.

The approach taken by many of the big companies, including the ICO, regarding cookies is to tell people they are placing them (implied consent) and showing them how to deny/turn them off at the browser level with a warning the site may not function correctly without them. For example

http://www.betfair.com/aboutUs/Cookie.Policy/?utm_campaign=&utm_medium=em&utm_source=adobe_campaign

https://www.moneysavingexpert.com/site/cookies-qa

https://ico.org.uk/global/cookies/
 
Back
Top Bottom