-
AuthorPosts
-
April 11, 2018 at 2:56 pm #940524
Hello!
After testing the cookies on a default WP installation without any plugins I discovered Enfold sets a cookie when the site is entered by a visitor. The name of the cookie is PHPSESSID and results from the Enfold theme – the default WP themes doesn´t set any cookie.
I searched the sourcecode for “session_start” and found it here:
– masonry_entries.php (/enfold/config-templatebuilder/avia-shortcodes)
– portfolio.php (/enfold/config-templatebuilder/avia-shortcodes/portfolio)
– php.js (/enfold/config-layerslider/LayerSlider/static/codemirror/mode/php)Enfold version: 4.2.6
As you know setting a cookie without acceptance by the visitor is against the law (EU GDPR). So we need to disable this cookie.
How can this be done?Best regards
JanApril 11, 2018 at 5:43 pm #940590Hey Jan,
We will add an option in upcoming Enfold update which is planned to be released within a week or so :)
Best regards,
YigitMay 12, 2018 at 3:08 pm #955763We will add an option in upcoming Enfold update which is planned to be released within a week or so :)
Hey Yigit,
I installed Enfold 4.3.1, but I can’t find the option to disable the cookie. Where is ist?
Best regards
David
May 13, 2018 at 12:57 am #955920Hi,
I believe this was addressed via the settings Enfold Theme Options > Cookie Consent > Cookie Consent Message which doesn’t disable the cookie, but is compliant by notifying the visitor of the cookie.Best regards,
MikeMay 13, 2018 at 9:54 am #955994Thank you, Mike, for your answer!
So disabling the cookie is still just possible hard coded in the theme?
Best regards,
DavidMay 13, 2018 at 10:18 am #955997sorry but this is absolutely not true. The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold. This session cookie is normal usage in internet and if ( yes there are methods ) you kill that cookie the url is used instead! This is on my point of view even more security risky than that littel cookie with a crypted ID.
A lot of browser even don’t list it because it is concerning to php usage standard behavior.
http://php.net/manual/en/function.session-id.phpthe only cookie set by enfold now is that cookie consent cookie. This cookie saves your answer if you accept or deny cookie usage.
By the way – go and deny in your browser cookie usage at all and look what happend if your start your browser?
There was a fallback solution for that etc pp.Don’t get panic with GDPR (DSGVO on Germany)
Many people now worry about the implementation of the obligation to educate on the Internet and on their websites about dataprotection.
The risk of a written warning by lawyers is only great if the privacy statement is missing or hidden only to find. This has to remain almost always visible and clickable. Many Peaople place the cookie note in such a way that it hides the link to Privacy Policy or Imprint.The point of the list of processing activities is also a big point.
You have now to have a documentation about your handling with data at your business. This list must be available at the request of the Data Protection Officer responsible for you. (Previously, anyone with legitimate interest could demand this release)- This reply was modified 6 years, 7 months ago by Guenni007.
May 13, 2018 at 10:31 am #956000The PHPSESSID is something that will be always (ubiquitär) if you visit any page. It has nothing to do with Enfold.
Sorry, but that’s bare nonsense. Of course Enfold sets this session cookie. @deeluuxe listet some files where Enfold uses
session_start()
which causes this cookie. No standard WordPress theme does this btw. …May 13, 2018 at 12:16 pm #956011If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
What is the reason to avoid session id?
if f.e. here on board the session is killed – you will be loggt off.
People use Google Adsense – Google Analytics etc. if there is a use with anonymiser than even those cookies are GDPR conform.by the way – these are three ALB Elements – i tested it – comment the whole line out like:
// if(!is_admin() && !current_theme_supports('avia_no_session_support') && !session_id()) session_start();
and upload it (best to child-theme with shortcodes loading snippet)
May 13, 2018 at 12:27 pm #956013This will end in bland starting pages where you can not place any films or maps.
Self-hosted files you can use always, but that makes your server again lame.
5Mb movies with simultaneous access of 10 users – then the performance is in the basement.
So it’s best to start with a landing page that only contains buttons for consent and the privacy notice? These Pages than with handmade SEO etc. pp leading you to the real content start page!June 11, 2018 at 11:24 am #971080Hi there,
fyi – for all who are interested in the correct ways:
An attorney just let me deactivate the complete Cookie Banner for a Website without tracking and just Session ID´s!!!June 11, 2018 at 11:25 am #971083Mailchimp Cookies??
Is there a way to deactivate the mailchimp cookies with the new Cookie Management Extension?
June 11, 2018 at 1:19 pm #971142Hi,
I believe the mailchimp cookies are set via mailchimp, our element is more of a wrapper for their API. Perhaps mailchimp offers this option via their dashboard?Best regards,
MikeJune 11, 2018 at 1:43 pm #971168Hi, ya … but because Mailchimp is near by an integral part i was thinkng if it is too compicate to integrate it in the new Cookie notice board
with the OptIn for the other trackingCookies?June 12, 2018 at 1:13 pm #971661Hi,
Sorry, I don’t understand your question, are you referring to the “Append a privacy policy message to mailchimp contact forms” option? This allows for a message but doesn’t control the cookie.Best regards,
MikeJune 12, 2018 at 1:17 pm #971662Yes that´s the point! it would be nice to have something like this for mailchimp as well.
Google Map Settings:
[av_privacy_google_maps]Vimeo and Youtube video embeds:
[av_privacy_video_embeds]June 13, 2018 at 3:17 am #972001Hi,
I see, these allow the users to disable the elements, not the cookies though.
Please request this feature on the Enfold feature request form.
As this is where the dev team looks for ideas for new features and improvements.Best regards,
Mike -
AuthorPosts
- You must be logged in to reply to this topic.