in reply to Re^6: login with google account
in thread login with google account

However, PM does store a cookie so should have a cookie pop-up...for stupid regulations but rules are rules!

Thankfully that isn't the case. Here's why:

  1. The EU Cookie Law is just that - an EU law. It applies only to sites hosted in the EU (despite the EU and the EC in particular thinking and acting like somehow their laws apply worldwide). Sites such as this which are hosted outside of their jurisdiction are not subject to their laws.
  2. Even if PerlMonks were to move to a hosting facility somewhere which is under the jurisdiction of the EU, the law makes no stipulation of a pop-up. Merely that the user is somehow informed and allowed to choose/indicate their compliance. Many of the less-annoying sites put this nonsense in a page footer so as not to get in the way. Still a complete waste of time, effort and bandwidth but far less intrusive to the browsing experience.
  3. In some jurisdictions where the law is in force (such as the one applying to you and me) purely functional cookies such as the login cookie set here are exempt anyway.

The EU cookie law is not the worst piece of legislation to come out of the EU but it's still pretty bad. I have yet to meet anyone either within the IT industry or outside it who thinks that it has any redeeming benefit. The fact that 95% of the annoying cookie popups just vanish entirely if you disable javascript and reload the page shows how half-arsed most implementations are and nobody cares because nobody really wants it - neither the site providers nor the users.

🦛

Replies are listed 'Best First'.
Re^8: login with google account
by Bod (Parson) on Nov 11, 2024 at 13:56 UTC

    Good points hippo - I'd overlooked that PM is hosted in the US - my bad!

    In some jurisdictions where the law is in force (such as the one applying to you and me) purely functional cookies such as the login cookie set here are exempt anyway.

    As I understand the legislation, session cookies for login are exempt. But, persistent cookies are not.

    Is your understanding of this different?

[reply]

      I am not aware of any distinction in the legislation between session cookies and persistent cookies. The key attribute is rather the purpose to which the cookie is put.

      If session and persistent cookies are regarded differently, it would be useful to know about it. My reading of section 6 of the PECL suggests otherwise though.

      🦛

[reply]
        My reading of that section (specifically s6(4) which has the exemptions) is that because persistence or otherwise is not mentioned, it's not relevant.

        The only slightly obscure thing is it refers to "provision of an information society service". That appears, from the full text of the directive, to be a vague thing semantically equivalent to "an information service". Therefore, anything "strictly necessary for the provision" of one of those is exempted from the explicit consent bit.

[reply]
        I am not aware of any distinction in the legislation between session cookies and persistent cookies

        My knowledge of the legislation is only partial. It is our intention to comply with it, but more important to us are the Google data layer requirements as we rely on remarketing code. Google seem to require a popup distinct from a banner and don't seem to like persistent cookies. We did some tests a while back but they perhaps weren't totally thorough as we made some assumptions.

        The way we implement cookies is to present a small popup right at the bottom of the screen if the user doesn't have our cookieConsent cookie set. If they click no, we set that cookie to false or if they click yes, we set it to true and make it persistent for one year. From this we determine how we set other cookies - mostly to either make them persistent or not. Not that we use a lot of cookies - one for a banner popup and two for login purposes.

[reply]
[d/l]
[select]

In Section Inner Scriptorium