OVH Community, your new community space.

auto-serving cookies from my hosting - a legal liability?

10-04-2012, 19:08
I contacted support about this, and got the following reply:

This cookie is in place to ensure that you are always associated with the same server in the web hosting cluster, it's to account for any potential sessions that you may have running, and there is no way of disabling it.

All it does is ensure that you will return to the same server you had been accessing when you initially loaded the page.

I think this means that it's technically necessary for serving the webpage, and a simple note on the privacy page will suffice.

05-03-2012, 17:20
Yes, "Essential" cookies are permitted. Those that are required to make the website work in its most basic form (shopping cart, load balancing, etc). Could well be that OVH cookie falls in that class, indeed...

05-03-2012, 13:40
I think certain cookies (serving some particular function) are allowed right? I don't remember the details.

02-03-2012, 20:09
That cookie law is the stupidest thing the EU has come up with, and a technical nightmare (in terms of 3rd party cookies). But, personal opinions aside, the UK has until May this year to catch up with that law before it is fully enforceable.

28-02-2012, 19:31
So I have a website which I've recently been trying to optimise as it looks to webpagetest. I'm keenly aware of my novice status here, but I'm trying to cover all the basic stuff.

Anyway, I noticed that the server was sending cookies, for example:

Response Headers:

HTTP/1.1 200 OK
Set-Cookie: 90plan=Rxxxxxxxxxx; path=/; expires=Fri, 02-Mar-2012 02:30:01 GMT
Date: Tue, 28 Feb 2012 14:20:55 GMT
Server: Apache/2.2.X (OVH)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2502
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
where the 'x' is a digit 0..9 (since I don't know what the number represents I blanked it)

The expires bit might conceivably be down to caching headers (which I've been adding). But I don't think the '90plan' bit is down to anything I've done. I'd quite like it not to happen unless there's a technical necessity. Because otherwise, as I understand it, fairly recent changes in the law make it illegal to serve cookies without getting permission first! Even if it's a technical requirement, I think declaring it is legally required.