Viewing 16 posts - 1 through 16 (of 16 total)
  • Author
    Posts
  • #940524

    Hello!

    After testing the cookies on a default WP installation without any plugins I discovered Enfold sets a cookie when the site is entered by a visitor. The name of the cookie is PHPSESSID and results from the Enfold theme – the default WP themes doesn´t set any cookie.

    I searched the sourcecode for “session_start” and found it here:
    – masonry_entries.php (/enfold/config-templatebuilder/avia-shortcodes)
    – portfolio.php (/enfold/config-templatebuilder/avia-shortcodes/portfolio)
    – php.js (/enfold/config-layerslider/LayerSlider/static/codemirror/mode/php)

    Enfold version: 4.2.6

    As you know setting a cookie without acceptance by the visitor is against the law (EU GDPR). So we need to disable this cookie.
    How can this be done?

    Best regards
    Jan

    #940590

    Hey Jan,

    We will add an option in upcoming Enfold update which is planned to be released within a week or so :)

    Best regards,
    Yigit

    #955763

    We will add an option in upcoming Enfold update which is planned to be released within a week or so :)

    Hey Yigit,

    I installed Enfold 4.3.1, but I can’t find the option to disable the cookie. Where is ist?

    Best regards

    David

    #955920

    Hi,
    I believe this was addressed via the settings Enfold Theme Options > Cookie Consent > Cookie Consent Message which doesn’t disable the cookie, but is compliant by notifying the visitor of the cookie.

    Best regards,
    Mike

    #955994

    Thank you, Mike, for your answer!

    So disabling the cookie is still just possible hard coded in the theme?

    Best regards,
    David

    #955997

    sorry but this is absolutely not true. The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold. This session cookie is normal usage in internet and if ( yes there are methods ) you kill that cookie the url is used instead! This is on my point of view even more security risky than that littel cookie with a crypted ID.
    A lot of browser even don’t list it because it is concerning to php usage standard behavior.
    http://php.net/manual/en/function.session-id.php

    the only cookie set by enfold now is that cookie consent cookie. This cookie saves your answer if you accept or deny cookie usage.

    By the way – go and deny in your browser cookie usage at all and look what happend if your start your browser?
    There was a fallback solution for that etc pp.

    Don’t get panic with GDPR (DSGVO on Germany)

    Many people now worry about the implementation of the obligation to educate on the Internet and on their websites about dataprotection.
    The risk of a written warning by lawyers is only great if the privacy statement is missing or hidden only to find. This has to remain almost always visible and clickable. Many Peaople place the cookie note in such a way that it hides the link to Privacy Policy or Imprint.

    The point of the list of processing activities is also a big point.
    You have now to have a documentation about your handling with data at your business. This list must be available at the request of the Data Protection Officer responsible for you. (Previously, anyone with legitimate interest could demand this release)

    • This reply was modified 6 years, 7 months ago by Guenni007.
    #956000

    The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold.

    Sorry, but that’s bare nonsense. Of course Enfold sets this session cookie. @deeluuxe listet some files where Enfold uses session_start() which causes this cookie. No standard WordPress theme does this btw. …

    #956011

    If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
    What is the reason to avoid session id?
    if f.e. here on board the session is killed – you will be loggt off.
    People use Google Adsense – Google Analytics etc. if there is a use with anonymiser than even those cookies are GDPR conform.

    by the way – these are three ALB Elements – i tested it – comment the whole line out like:

     // if(!is_admin() && !current_theme_supports('avia_no_session_support') && !session_id()) session_start();
    

    and upload it (best to child-theme with shortcodes loading snippet)

    #956013

    This will end in bland starting pages where you can not place any films or maps.
    Self-hosted files you can use always, but that makes your server again lame.
    5Mb movies with simultaneous access of 10 users – then the performance is in the basement.
    So it’s best to start with a landing page that only contains buttons for consent and the privacy notice? These Pages than with handmade SEO etc. pp leading you to the real content start page!

    #971080

    Hi there,

    fyi – for all who are interested in the correct ways:
    An attorney just let me deactivate the complete Cookie Banner for a Website without tracking and just Session ID´s!!!

    #971083

    Mailchimp Cookies??

    Is there a way to deactivate the mailchimp cookies with the new Cookie Management Extension?

    #971142

    Hi,
    I believe the mailchimp cookies are set via mailchimp, our element is more of a wrapper for their API. Perhaps mailchimp offers this option via their dashboard?

    Best regards,
    Mike

    #971168

    Hi, ya … but because Mailchimp is near by an integral part i was thinkng if it is too compicate to integrate it in the new Cookie notice board
    with the OptIn for the other trackingCookies?

    #971661

    Hi,
    Sorry, I don’t understand your question, are you referring to the “Append a privacy policy message to mailchimp contact forms” option? This allows for a message but doesn’t control the cookie.

    Best regards,
    Mike

    #971662

    Yes that´s the point! it would be nice to have something like this for mailchimp as well.

    Google Map Settings:
    [av_privacy_google_maps]

    Vimeo and Youtube video embeds:
    [av_privacy_video_embeds]

    #972001

    Hi,
    I see, these allow the users to disable the elements, not the cookies though.
    Please request this feature on the Enfold feature request form.
    As this is where the dev team looks for ideas for new features and improvements.

    Best regards,
    Mike

Viewing 16 posts - 1 through 16 (of 16 total)
  • You must be logged in to reply to this topic.