Thanks, Benjamin, Jacques. Definitely, we will move forward only after studying OFBiz cookies in depth. I just put the initial thought that came to my mind.

On Wed, Oct 31, 2018 at 9:03 PM Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:

> Thanks Deepak, Benjamin,
>
> We are indeed only concerned by the ecommerce webapps (both ecommerce and ecomse). They are the sole to be public. The backend applications should not be concerned.
>
> Actually, in ecommerce webapps, we use technical cookies: JSSESSIONID, possibly cookie.domain and maybe jstree* ones. I believe they all fall in the exempt cases.
>
> With OFBIZ-10635 I'm currently working on autoUserLoginId cookies. While doing so I spotted that securedLoginId has the same duration (1 year) as autoUserLoginId. I have reduced it to the browser session so it also falls in the exempt cases. I'll commit that very soon.
>
> I have not read all the details but I believe the only ones we should think about are the autoUserLoginId and OFBiz.Visitor cookies. They inherently do not contain party data, but from the visitorId or userLoginId fields it's possible to get to the party data. Not sure it's an issue as is, because AFAIK we use only first-party cookies[1] but the problem seems to be their durations: one year.
>
> [1] https://www.opentracker.net/article/third-party-cookies-vs-first-party-cookies
>
> Jacques
>
> On 31/10/2018 at 14:05, Benjamin Jugl wrote:
> > Hello all,
> >
> > just before you go in head over heels, please consider the following:
> >
> > "However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
> >
> > * used for the sole purpose of carrying out the transmission of a communication, and
> > * strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
> >
> > Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29pdf <http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf> include:
> >
> > * *user-input* cookies (session-id) such as first-party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
> > * *authentication* cookies, to identify the user once he has logged in, for the duration of a session
> > * *user-centric security* cookies, used to detect authentication abuses, for a limited persistent duration
> > * *multimedia content player* cookies, used to store technical data to play back video or audio content, for the duration of a session
> > * *load-balancing* cookies, for the duration of session
> > * *user-interface customisation* cookies such as language or font preferences, for the duration of a session (or slightly longer)
> > * *third-party social plug-in content-sharing* cookies, for logged-in members of a social network."
> >
> > (http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm)
> >
> > Does OFBiz even set other cookies? If yes, for what are they needed?
> >
> > Kind regards, Benjamin Jugl
> >
> > On 31.10.18 13:11, Deepak Nigam wrote:
> >> Hello All,
> >>
> >> The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on their computer, smartphone or tablet. It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.
> >>
> >> The EU Cookie Legislation began as a directive from the European Union. Some variation on the policy has since been adopted by all countries within the EU.
> >>
> >> The EU Cookie Legislation requires 4 actions from website owners who use cookies:
> >> 1. When someone visits your website, you need to let them know that your site uses cookies.
> >> 2. You need to provide detailed information regarding how that cookie data will be utilized.
> >> 3. You need to provide visitors with some means of accepting or refusing the use of cookies in your site.
> >> 4. If they refuse, you need to ensure that cookies will not be placed on their machine.
> >>
> >> For more information about EU cookie policy, please visit here <http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm>.
> >>
> >> As this crucial feature is missing in OFBiz E-Commerce application, we should work towards its implementation. There are numerous open-source jQuery plugins available which we can use. Thoughts?
> >>
> >> Thanks & Regards
> >> --
> >> Deepak Nigam
> >> HotWax Systems Pvt. Ltd.