Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Forced Cookies

Status
Not open for further replies.
Tezdread

Tezdread

Technical User
Oct 23, 2000
468
GB
Hi, I work for an internet bank and we had a customer contact us complaining because he has had to change his browser settings to enable cookies so that he can get access to his account.

He was stating that when he first signed up for the account there was nothing in the terms and conditions that said he would have to enable cookies on the system(s) that were used to access the account. Although there is nothing in the terms and conditions, the web site does state that cookies will need to be stored on the system that accesses the account.

He also states that this is a vilotion of the European Legislation. Does anyone know of such legistation?

What are your oppinions on this matter and the general issues with web sites using cookies? Tezdread
"With every solution comes a new problem"
 
Sort by date Sort by votes
I personally dislike cookies, I watch what cookies are placed on my system, and they are usually placed by advertising networks. I have designed an interactive web site that has to keep track of a users session and easily avoided cookies (the company actually asked to avoid cookies) just by having a table in the database track the sessions then passing the session number from page to page.
 
Upvote 0 Downvote
Cookies are a pain in most cases, but there are many instances where they're absolutely necessary. I currently work for a rather large company whose online resources are used by various customers/employees/law enforcement from all over the world. Without cookies, all preferences (history of recent searches, custom toolbars for searching, printing, etc) would have to be stored for each ID locally on the servers. With over a million customers, this is just not feasible or as reliable.

I do agree though that this is not the case in most other situations. Most sites use them for their benefit only. I'd be interested in hearing more about this European legislation that your customer was talking about. I've never heard of such a thing against cookies specifically. If he's that concerned about enabling cookies, have him invest in a 3rd-party utility (like Zonealarm Pro) that can track which sites to accept cookies from and to block all others.

Also ask him to show you documentation or if he can lead you in the right direction regarding this "piece of legislation". :)
~cdogg

"The secret to creativity is knowing how to hide your sources."
- A. Einstein
 
Upvote 0 Downvote
I don't think your client understands the law.

According to this article the European parliament says that cookies are okay.

This one says that the European Council of Ministers has said that cookies are okay if the user is informed that the cookie is being placed on the user's system.

But in either case, it looks like you're good to go.
______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
That first article seems to indicate that users must be given a choice to not use cookies. Does that mean they're supposed to be given the opportunity to take advantage of the site's offerings without the use of cookies?
 
Upvote 0 Downvote
Wouldn't that be like giving the consumer the choice to buy a car without the emblems or a movie rental without the rental card?
I don't think that a group could (make that should, I have seen some strange things pass as normal) restrict how you have to offer your product if it is not harmful in some fashion. Granted cookies in general can be harmful, but your specific cookies are not (I assume).
One argument would be that if the customer would rather that information be asked each and every time they log in (you are under no agreement to use personal storage space for this customer beyond what has been used for other customers) than that is a possibility. Then explain that in order to provide them with the same level of useability that the other customers enjoy they will need to specify (Amazon as an example) every item they ever purchased, the date, the preferred method of shipping, the list of items recetly viewed, the contents of their wish list, their home phone number so that others can call them to hear the items on their gift registry, the addresses of all people they may have sent items to in case they wish to again, their credit card information, ...
We only provide cookies to the consumer as a service so that they can receive a higher level of satisfaction with less amount of input. If they choose not to allow cookies, they cannot expect the same level of satisfaction. At least not until MS comes out with the Server.Create("MSPsychic.ReadUsersMind") object.
-Tarwn "The problem with a kludge is eventually you're going to have to back and do it right." - Programmers Saying (The Wiz Biz - Rick Cook)
"Your a geek!" - My Girlfriends saying
 
Upvote 0 Downvote
Schroeder,
I agree with your interpretation. But the good news is that the European Legislature went with "Opt-out" rather than "Opt-in" with respect to cookies.

Tarwn,
Actually you can order a car without emblems. Police forces in the U.S. will order them that way, for example. But I understand your point.


Classically, a CGI language's session-handling mechanism stores an index to the user's session data in a cookie. It's possible to do that without cookies, such as passing the index around in a form field. PHP, for example, can do that for you automatically if it detects that a browser does not have cookies enabled. ______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
Cookies used responsibly - with the developer balancing between cookies, database, sessions to minimize resources all around - are very much a valid use in my opinion.

If you post before they log in that a cookie is placed - or immediately afterwards where you cannot miss it like Tek-Tips. Than that's sufficient - they do not need to have cookies placed if they do not want to - they can leave - or perhaps to be accomodating, detect first if their browser will accept cookies and redirect to another page to retain information that your site requires if they do not.

This is nothing like the "law" that states that Spammers must include a method to "remove" your name from their list - which then just serves to notify that your email address is indeed a valid one - and be sold again to 3 or 5 or more spammers.

Perhaps even require they type the words YES that they have read your policy regarding privacy and information retained/used in your internet site. It will not make anyone read it, or stop them from calling you to complain. But then your I's are dotted and T's crossed in case someone decides to go further.

All this is of course assuming that responsible use is made of cookies - unlike so many that made the laws be passed in the first place. "Damn the torpedoes, full speed ahead!"

-Adm. James Farragut

Stuart
 
Upvote 0 Downvote
What's the technical side of this? A cookie is a file stored on the viewer's computer. I very much dislike cookies (alas they are now a part of tek-tips also) and frankly, I don't want any web server to access my computer in any way without my permission. By the way, tek-tips runs fine without 'emblems'.

Best regards
 
Upvote 0 Downvote
Sorry the emblems thing was a bad example, I've been sick and thinking at about half the usual rate...:p
-Tarwn "The problem with a kludge is eventually you're going to have to back and do it right." - Programmers Saying (The Wiz Biz - Rick Cook)
"Your a geek!" - My Girlfriends saying
 
Upvote 0 Downvote
DonQuichote,

So you're saying that you have your browser configured to only download the images in an HTML page after you have given it permission to do so? And that you have your browser's content cache turned off? ______________________________________________________________________
TANSTAAFL!
 
Upvote 0 Downvote
I've just skimmed this forum, so I don't know all the details, but I HATE cookies. Also the programs that are dumped on your pc without your knowledge that report back to the installers what your doing. Go to lava soft, download ad-aware. It's a freebie, and when you run it, it finds all those0 files. There getting all this stuff about where you go on the net and such. Double-click is a good one. Do a google search for ad-aware. I run it about once a week and find at least 2 every time, sometimes up to 14. My 2 cents worth.


[hammer] Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"How many things, too, are looked upon as quite impossible until they have been actually effected?."
Pliny the Elder, Caius Plinius Secundus(c.23-79 A.D.); Roman writer.
 
Upvote 0 Downvote
Uhhhm, sleipnir, well, yes.

I think there are a few differences. At first, the cache is not server-controlled, but browser-controlled. It only contains things I did not object to anyway.

As for images, yes also. I block advertisements as much as possible, so they do not appear in my browser.

And to finally answer your questions: If I suspect any foul tricks on a website, I use Lynx.

Now, that technical stuff was not entirely what I meant. The webserver is a 'public' dataspace (otherwise it wouldn't be a webserver, would it?), So anyone retrieving data form a webserver gets public data anyway.

My own computer is not public dataspace. So my question was: is it ethical to store whatever info on a non-public dataspace?

Best regards
 
Upvote 0 Downvote
I think it is considered unethical to store cookies if you have not agreed to it, either by openly disagreeing or not being asked prior to cookie use. I think, however, that cookies can not be considered public data. They were created to store private data on a specific user (ie, you) and though they are misused quite frequently, I think the ethics question of cookies isn't so much whether their storage is ethical, but whether the content and retrieval is ethical.
It would be unethical to store data against your wishes, to store data for reasons other than making your life easier (ie, mailing addresses, shopping preferences for a specific site, etc), or to retrieve and reuse data against your wishes (tracking the pages you visit, etc). basically an ethical cookie (in my mind) would be one that a) You agreed to accept, b) Is only used to help the website customize itself for you as a specific user, c) is only used by the site that gave it to you and only for the uses above.
I think the biggest mis-user of cookies must be advertisers. They drop them on you embedded in popup ads, they attempt to install software (like mentioned above), etc.

The .Net passport sounded like a good idea in so far as it would only be used at your own permission, but who knows how many people would try to use it. I don't mind valid cookies, so long as I know whats being stored and why, but I would agree that they can be a real pain due to the mass of people out there tat misuse them.

-Tarwn "The problem with a kludge is eventually you're going to have to back and do it right." - Programmers Saying (The Wiz Biz - Rick Cook)
"Your a geek!" - My Girlfriends saying
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gurner
  • Locked
  • Question
cross domain tracking, cookies and trusted sites
Replies
4
Views
35
pmonett
pmonett
jvdboom
  • Locked
  • Question
P3P(Platform for Privacy Preferences) and cookies
Replies
0
Views
30
jvdboom
jvdboom

Part and Inventory Search

Sponsor

Back
Top