We are in the process of migrating this forum. A new space will be available soon. We are sorry for the inconvenience.

auto-serving cookies from my hosting - a legal liability?


Lysis
10-04-2012, 20:08
I contacted support about this, and got the following reply:

This cookie is in place to ensure that you are always associated with the same server in the web hosting cluster, it's to account for any potential sessions that you may have running, and there is no way of disabling it.

All it does is ensure that you will return to the same server you had been accessing when you initially loaded the page.

Regards,
I think this means that it's technically necessary for serving the webpage, and a simple note on the privacy page will suffice.

Myatu
05-03-2012, 18:20
Yes, "Essential" cookies are permitted. Those that are required to make the website work in its most basic form (shopping cart, load balancing, etc). Could well be that OVH cookie falls in that class, indeed...

freshwire
05-03-2012, 14:40
I think certain cookies (serving some particular function) are allowed right? I don't remember the details.

Myatu
02-03-2012, 21:09
That cookie law is the stupidest thing the EU has come up with, and a technical nightmare (in terms of 3rd party cookies). But, personal opinions aside, the UK has until May this year to catch up with that law before it is fully enforceable.

Lysis
28-02-2012, 20:31
So I have a website which I've recently been trying to optimise as it looks to webpagetest. I'm keenly aware of my novice status here, but I'm trying to cover all the basic stuff.

Anyway, I noticed that the server was sending cookies, for example:


Response Headers:

HTTP/1.1 200 OK
Set-Cookie: 90plan=Rxxxxxxxxxx; path=/; expires=Fri, 02-Mar-2012 02:30:01 GMT
Date: Tue, 28 Feb 2012 14:20:55 GMT
Server: Apache/2.2.X (OVH)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2502
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
where the 'x' is a digit 0..9 (since I don't know what the number represents I blanked it)

The expires bit might conceivably be down to caching headers (which I've been adding). But I don't think the '90plan' bit is down to anything I've done. I'd quite like it not to happen unless there's a technical necessity. Because otherwise, as I understand it, fairly recent changes in the law make it illegal to serve cookies without getting permission first! Even if it's a technical requirement, I think declaring it is legally required.