I’m trying somewhat belatedly to implement the EU cookies law in a simple way. Each page has the code
if ( !isset($_COOKIE['pcookie']) ) {
echo '<div id="cookies">This website uses cookies to help make it more useful and reliable. Continued use of the site indicates that you accept this policy. <a href="cookie-off.php">Don’t show this message again.</a></div>';
}>
I don’t like any of these cookie boxes that open. Instead I use an area (Named cookiejar :)) That has one button, clicking it will make it go yellow allowing cookies to be set and when cookies are created they are added to the cookie jar. Each cookie can be read by the user, and I will try and make them as obvious to what they are as possible. Each cookie can be unset individually, or by unsetting “remember=yes” will delete all cookies. Any action that requires cookies (wide mode in my site), will alert the user first to let them know that function requires cookies. Have a look at the site in my sig to see how it works.
I’ve only been using the method since this EU directive was about a year old, and I’m hoping it will fit in with future developments. But I like it, and think it fulfills the objective well enough without being too intrusive to the design of the site.
As for your particular problem, have you seen the output for time()86400365? I don’t think it’s a valid date for cookies
I definately agree with you there gandalf. I already have prompt on cookie settings in my browser, and now I’ve got to do it again for the site! Daft to say the least!!
The UK seems to have have change its stance a bit at the last moment and if you look a lot of sites say something to the effect “This site uses cookies and if you procede you have accepted there use”.
I am not sure how legal this is as by the time you have read it cookies have already been set!
I have not checked Amazon.co.uk lately but after the cookie law came in they were setting 15 cookies as soon as you landed on one of their pages. Supposedly shopping sites are allowed to use cookies as they are essential to the sites use but 15 seems a bit over the top for me and this was before you even logged in.
For example, some websites ‘remember’ which version a user wants to access such as a version of a site in a particular language. If this feature is enabled by the storage of a cookie, then you could explain this to the user and that it will mean you won’t ask them every time they visit the site. You can explain to them that by allowing you to remember their choice they are giving you consent to set the cookie. Agreement for the cookie could therefore be seamlessly integrated with the choice the user is already making.
Really, how ridiculous can a law be! Of course, offering multilingual websites is just a sneaky way to collect sensitive prefered language info from our visitors…
A while ago I read about how cookies needed for the functioning of the website would be excluded from the consent rule, but apparantly not.[/ot]
I know you wanted technical advice but you don’t need to do any of this, just place a link to your privacy policy on your page and make sure you cover cookies in there:
Things might be different for the OP Richard as he is based in Italy and not the UK. The implimentation of the law may not be the same there as it is in the UK.
HTML creates the headers as soon as something is sent to the screen. In server-side code Cookies are added to the headers, and headers must come before content. You cannot echo, print, write etc and then set headers
the simple answer is “As soon as your script hits something that either outputs, or any unencapsulated space”.
If there’s a blank line at the top of your page, if there’s a space before the < in <?php, headers get sent because the PHP engine sees that as HTML content.
Or if there’s an include with a blank line after the closing ?> tag (which is why it is recommended not to use the ?> closing tag at the end of your php files).