XF 2.0 How can I disable all cookies on XenForo?
- Thread starter Ewok
- Start date
sport_billy
Member
Lots of info on what XF are providing in forthcoming releases to help forum owners become more GDPR Compliant in this thread, cookies are discussed in there also https://xenforo.com/community/forums/have-you-seen/
Mr Lucky
Well-known member
Disabling cookies will not make you 100% compliant
Snog
Well-known member
Something people are overlooking is that the cookie portion of GDPR is for cookies that contain personal information. The cookies written by XenForo itself do not contain personal information. They are cookies needed for the security and operation of the software.
For example, the CSRF cookie is a security token to prevent Cross Site Request Forgeries (basically where another site can modify what you do and make it look like it came from you). Without that cookie any dynamically generated web site (which XenForo is) has opened a huge security hole for the user themselves, not the software. That cookie has no meaning to any other software and is useless for anything other than XenForo itself.
And the fact that the law was written in such general terms doesn't help matters. It leaves too much open for interpretation by member countries where the people interpreting it may not have a clue about how web sites operate.
For example, the CSRF cookie is a security token to prevent Cross Site Request Forgeries (basically where another site can modify what you do and make it look like it came from you). Without that cookie any dynamically generated web site (which XenForo is) has opened a huge security hole for the user themselves, not the software. That cookie has no meaning to any other software and is useless for anything other than XenForo itself.
And the fact that the law was written in such general terms doesn't help matters. It leaves too much open for interpretation by member countries where the people interpreting it may not have a clue about how web sites operate.
Last edited:
There is no need to disable XenForo cookies. You don't even have to ask for consent.
All you have to do is to have a privacy policy and declare that you are using cookies and why you need them. I think this is covered in the default privacy policy XenForo provides in the most recent version.
@mcatze: This is true even in Germany.
All you have to do is to have a privacy policy and declare that you are using cookies and why you need them. I think this is covered in the default privacy policy XenForo provides in the most recent version.
@mcatze: This is true even in Germany.
mcatze
Well-known member
It is not as easy as you think. There‘re too many different declarations how you should handle the cookies. The TMG §5 make it easy, but the gdpr said something else.There is no need to disable XenForo cookies. You don't even have to ask for consent.
All you have to do is to have a privacy policy and declare that you are using cookies and why you need them. I think this is covered in the default privacy policy XenForo provides in the most recent version.
@mcatze: This is true even in Germany.
Completely agree. I think some people are trying to oversimplify things to avoid complicating their lives....but guess what? The regulators don't care how you interpret the law, is how they do.
I guess those who are looking for an "easy way" have not come across the chapter of GDPR defining the fines coming your way for getting "creative" with the implementation
Exactly, IF you have their consent.
But if they choose not to, according to GDPR you MUST provide them with an option to use your site without any tracking or storing of data. So from a GDPR point of view, if you don't, you are non-complaint and a candidate to huge fines.
But if they choose not to, according to GDPR you MUST provide them with an option to use your site without any tracking or storing of data. So from a GDPR point of view, if you don't, you are non-complaint and a candidate to huge fines.
Ozzy47
Well-known member
Yes, all the cookies that come packaged with the software are for functionality. Now if you use some code from somewhere or an addon to add additional cookies for some reason, then it is up to you as the website owner to ensure they comply.
The approach taken by many of the big companies, including the ICO, regarding cookies is to tell people they are placing them (implied consent) and showing them how to deny/turn them off at the browser level with a warning the site may not function correctly without them. For example
http://www.betfair.com/aboutUs/Cookie.Policy/?utm_campaign=&utm_medium=em&utm_source=adobe_campaign
https://www.moneysavingexpert.com/site/cookies-qa
https://ico.org.uk/global/cookies/
The approach taken by many of the big companies, including the ICO, regarding cookies is to tell people they are placing them (implied consent) and showing them how to deny/turn them off at the browser level with a warning the site may not function correctly without them. For example
http://www.betfair.com/aboutUs/Cookie.Policy/?utm_campaign=&utm_medium=em&utm_source=adobe_campaign
https://www.moneysavingexpert.com/site/cookies-qa
https://ico.org.uk/global/cookies/
Similar threads
- Solved
