FYI, here is the Jira ticket <https://issues.apache.org/jira/browse/OFBIZ-10639> for further discussion and research.
On Thu, Nov 1, 2018 at 3:02 PM Deepak Nigam <[email protected]> wrote:

> Thanks, Benjamin, Jacques.
>
> Definitely, we will move forward only after studying OFBiz cookies in
> depth. I just put the initial thought that came to my mind.
>
> On Wed, Oct 31, 2018 at 9:03 PM Jacques Le Roux <[email protected]> wrote:
>
>> Thanks Deepak, Benjamin,
>>
>> We are indeed only concerned by the ecommerce webapps (both ecommerce and
>> ecomse). They are the only ones to be public. The backend applications
>> should not be concerned.
>>
>> Actually, in ecommerce webapps, we use technical cookies: JSSESSIONID,
>> possibly cookie.domain and maybe jstree* ones. I believe they all fall in
>> the exempt cases.
>>
>> With OFBIZ-10635 I'm currently working on autoUserLoginId cookies. While
>> doing so I spotted that securedLoginId has the same duration (1 year) as
>> autoUserLoginId. I have reduced it to the browser session so it also
>> falls in the exempt cases. I'll commit that very soon.
>>
>> I have not read all the details but I believe the only ones we should
>> think about are the autoUserLoginId and OFBiz.Visitor cookies. They
>> inherently do not contain party data, but from the visitorId or
>> userLoginId fields it's possible to get to the party data. Not sure it's
>> an issue as is, because AFAIK we use only first-party cookies[1] but the
>> problem seems to be their durations: one year.
>>
>> [1] https://www.opentracker.net/article/third-party-cookies-vs-first-party-cookies
>>
>> Jacques
>>
>> Le 31/10/2018 à 14:05, Benjamin Jugl a écrit :
>> > Hello all,
>> >
>> > just before you go in head over heels, please consider the following:
>> >
>> > "However, some cookies are exempt from this requirement. Consent is
>> > not required if the cookie is:
>> >
>> > * used for the sole purpose of carrying out the transmission of a
>> >   communication, and
>> > * strictly necessary in order for the provider of an information
>> >   society service explicitly required by the user to provide that
>> >   service.
>> >
>> > Cookies clearly exempt from consent according to the EU advisory
>> > body on data protection - WP29 (PDF)
>> > <http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf>
>> > include:
>> >
>> > * *user-input* cookies (session-id) such as first-party cookies to
>> >   keep track of the user's input when filling online forms,
>> >   shopping carts, etc., for the duration of a session or
>> >   persistent cookies limited to a few hours in some cases
>> > * *authentication* cookies, to identify the user once he has
>> >   logged in, for the duration of a session
>> > * *user-centric security* cookies, used to detect authentication
>> >   abuses, for a limited persistent duration
>> > * *multimedia content player* cookies, used to store technical
>> >   data to play back video or audio content, for the duration of a
>> >   session
>> > * *load-balancing* cookies, for the duration of session
>> > * *user-interface customisation* cookies such as language or font
>> >   preferences, for the duration of a session (or slightly longer)
>> > * *third-party social plug-in content-sharing* cookies, for
>> >   logged-in members of a social network."
>> >
>> > (http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm)
>> >
>> > Does OFBiz even set other cookies? If yes, for what are they needed?
>> >
>> > Kind regards, Benjamin Jugl
>> >
>> > On 31.10.18 13:11, Deepak Nigam wrote:
>> >> Hello All,
>> >>
>> >> The Cookie Law is a piece of privacy legislation that requires
>> >> websites to get consent from visitors to store or retrieve any
>> >> information on their computer, smartphone or tablet. It was designed
>> >> to protect online privacy, by making consumers aware of how
>> >> information about them is collected and used online, and give them a
>> >> choice to allow it or not.
>> >>
>> >> The EU Cookie Legislation began as a directive from the European
>> >> Union. Some variation on the policy has since been adopted by all
>> >> countries within the EU.
>> >>
>> >> The EU Cookie Legislation requires 4 actions from website owners who
>> >> use cookies:
>> >> 1. When someone visits your website, you need to let them know that
>> >>    your site uses cookies.
>> >> 2. You need to provide detailed information regarding how that cookie
>> >>    data will be utilized.
>> >> 3. You need to provide visitors with some means of accepting or
>> >>    refusing the use of cookies in your site.
>> >> 4. If they refuse, you need to ensure that cookies will not be placed
>> >>    on their machine.
>> >>
>> >> For more information about EU cookie policy, please visit here
>> >> <http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm>.
>> >>
>> >> As this crucial feature is missing in the OFBiz E-Commerce
>> >> application, we should work towards its implementation. There are
>> >> numerous open-source jQuery plugins available which we can use.
>> >> Thoughts?
>> >>
>> >> Thanks & Regards
>> >> --
>> >> Deepak Nigam
>> >> HotWax Systems Pvt. Ltd.
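An added example, not part of the thread and not OFBiz code: a small audit that reads captured `Set-Cookie` headers and separates session cookies from long-lived ones, the distinction the discussion above turns on (one-year `autoUserLoginId` and `OFBiz.Visitor` cookies versus session-scoped ones). The cookie names come from the thread; the header values, attributes, the 12-hour review threshold and the function names are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: review anything that outlives 12 hours; tune to your own policy.
REVIEW_THRESHOLD_SECONDS = 12 * 3600

# Constructed sample headers: names are from the thread, values are made up.
SAMPLE_HEADERS = [
    "JSESSIONID=ABC123.jvm1; Path=/ecommerce; Secure; HttpOnly",
    "autoUserLoginId=constructed-user; Max-Age=31536000; Path=/ecommerce",
    "OFBiz.Visitor=10000; Expires=Fri, 01 Nov 2019 12:00:00 GMT; Path=/",
    "securedLoginId=constructed-user; Path=/ecommerce; Secure",
]
SAMPLE_NOW = datetime(2018, 11, 1, 12, 0, 0, tzinfo=timezone.utc)

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime in seconds); lifetime is None for a session cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = int(value)
            elif key == "expires":
                expires = parsedate_to_datetime(value)
        except (TypeError, ValueError):
            continue  # malformed attribute: ignore it, as browsers do
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, max(max_age, 0)
    if expires is not None:
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, max(int((expires - now).total_seconds()), 0)
    return name, None  # neither attribute: cookie ends with the browser session

def audit(headers, now):
    """Classify each cookie as 'session', 'short-lived' or 'review'."""
    findings = []
    for header in headers:
        name, life = cookie_lifetime(header, now)
        verdict = ("session" if life is None else
                   "short-lived" if life <= REVIEW_THRESHOLD_SECONDS else "review")
        findings.append((name, life, verdict))
    return findings
```

Calling `audit(SAMPLE_HEADERS, SAMPLE_NOW)` marks the two one-year cookies for review and reports the other two as session cookies.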
