Allow control over cookies via code events


Well-known member
1) If you have specific use cases in mind, we may be able to introduce specific code events in places that are unlikely to be affected by issues mentioned.
So for now we're not aiming to fix this but if you have any further feedback such as specific code events that might be useful then please post a new thread in the suggestions forum.
Our use case is that we have to comply with upcoming german law TTDSG ("Telekommunikation-Telemedien-Datenschutzgesetz") § 25.

This new law requires that we do not store information on users devices (or access those infiormation) without explicit user consent unless storing or accessing this information i absolutely required to offer the service.
According to our data protection officer, only two of the cookies uses by XenForo would fall into this category: xf_session and xf_csrf.

So in order to comply, we need to block access to cookies (except those two) unless the user has given consent.

As cookies are being set and read from multiple locations, it seems like the best way to achive this would be trough the Request and Reponse classes.
Unfortunatley those are not extendable through class proxy and there are no plans to change this.

So this request is about adding code events so we could add code to control access to cookies.
Last edited:
Upvote 7
Top Bottom