There are going to be new laws dictating the use of cookies that will soon be put into action. The idea seems credible; however, the implementation is... quite bizarre.
It puts an unnecessary burden on site administrators by requiring them to obtain the client's consent before sending them cookies. Never mind the fact that all popular browsers have the ability to ask the user to accept either all cookies or only third-party cookies. Or block them. Yeah... whatever.
Cookies that are deemed necessary for the site's operation are exempted, but it's dangerously ambiguous in that it doesn't really define such.
The US may follow the EU on this in the future.
Previously, three cookies were sent by this site: one by the Bad Behavior plugin, one for session control, and one for SMF login.
The BB cookie stores the last POST time and the client's IP address. It compares the timestamp that is stored in the cookie with one that is injected into a form. (I think that it's buggy, let alone slightly flawed, but that's not of concern right now).
Session control - this one's pretty straight forward. It simply lets the script know that a valid session is using the script. SMF uses sessions to try to keep a good count on the number of guests browsing the forum.
The third cookie listed keeps the user logged in by storing the username and hashed password.
I have totally turned off BB's cookie. The session cookie has been turned off for guests, and the third is left alone. After all, by logging on you get a cookie sent to you for session control - it is the fundamental principle behind what makes a logged user different from a random guest.
Topic: Regarding cookies (Read 1099 times)