On Tue, Mar 11, 2014 at 10:33 PM, rupert THURNER <[email protected]>wrote:
> Am 10.03.2014 17:01 schrieb "Manuel Schneider" < > [email protected]>: > > > > Am 10.03.2014 16:54, schrieb Chris Steipp: > > >> 1) catch the click on the "Login" link to show a banner first to ask > for > > >> the users consent, on acceptance forward the user to the login page > > >> > > >> 2) modify the login process to set the cookie after the actual login > and > > >> put an additional text on the login page like "by logging in I accept > > >> the usage of cookies by this website" > > > > > The cookie on the login page is for the anti-csrf (and captcha if > needed) > > > validation, so getting rid of it would be problematic from a technical > > > perspective (or would require a second click on the login page). > > > > Thanks Chris for this comment. > > > > So that leaves us with option 1) - a javascript banner. I think that > > shouldn't be too hard to implement. > > > > A <div> which hovers over the Wiki page, the text, two buttons [accept] > > / [leave]. Accept points to Special:Userlogin, leave just closes the > banner. > > A javascript that shows this <div> onclick() on the Login link, if no > > cookie has already been set by the Wiki. > > > > Maybe even a LocalSettings.php variable $wgApproveCookies = true; that > > is true by default and allows admins of internal company wikis etc. to > > disable that banner. > > > > As an option we could even add another setting $wgApproveCookiesAlways, > > which makes the same <div> to show up as soon as a user enters the wiki. > > That way we can support admins that have further extensions installed in > > their wiki which add cookies right away - like Google Analytics. > > > > Is there any technical argument against this proposal? > > Rupert > What's the fallback for users without JavaScript enabled in this scenario? Remco _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
