Slashdot Mirror


Sweden Crunches Cookies

dillkvast writes "According to this article (Swedish) at ComputerSweden, Swedish websites must now have the user's consent to use cookies. The law also states that the user is to be informed of what the information stored in the cookie is, and its intended use. This leaves Swedish websites with two options: no cookies at all, or a special page where the user is informed of the cookie use and can choose to either accept or reject the cookies. This represents a huge problem for Swedish sites which use .asp and .php session variables, the article states, which will have to rewrite their sites to present the user with a chance to confirm that cookie use is OK. The law comes into force today."

2 of 401 comments

  1. Please accept this cookie... by Snags · · Score: 1, Redundant

    Do you wish to receive cookies from our website for the purpose of ...?
    ( ) Yes (X) No Submit

    You indicated that you do not wish to receive cookies.
    May we set a cookie to remember this decision?
    ( ) Yes (X) No Submit

    You indicated that you do not wish to receive cookies.
    May we set a cookie to remember this decision?
    ( ) Yes (X) No Submit

    ...

    --
    main(O){10<putchar((O--,102-((O&4)*16| (31&60>>5*(O&3)))))&&main(2+ O);}
    LN2 is cool!
  2. Re:Bigger security risk by tomhudson · · Score: 1, Redundant
    Poster wrote:
    There's a greater chance that your session would be hijacked accidentally if you fwd a URL that has your session ID in it to someone else.
    Not really. First, the session ID is only good for that session. Once you (a) log out, or (b) time out, the session ID is no longer good.

    Second, there's no real reason to forward a URL from pages that require cookies (since you, presumably, want personalizations for those pages). More likely, you'll be forwarding URLs from pages that don't require cookies. If you really want to forward a page with a URL, you can always edit the URL before hitting the "send" button.

    Third, you can always improve your site's security by doing the following: when the person requests a page, get the old session ID. It's valid? Restore the session. Now, remove the session, and create a new session (you now have a new session ID). They can forward pages with session IDs to their hearts' content, since each ID is only valid for requesting the next page. The only drawback (and it's actually a benefit for web-based apps) is that the user can't hit the back button - the previous page's ID is no longer valid. This will actually keep your apps' state consistent :-)
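
The per-request session ID rotation described in the comment above, sketched as an added example that is not part of the original comment or of any site's code. The class name `RotatingSessionStore`, the 900-second idle timeout and the sample user are assumptions made for illustration.

```python
import secrets
import time


class RotatingSessionStore:
    """In-memory store where each session ID is valid for exactly one request."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._sessions = {}              # session_id -> (data, last_seen)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)  # unguessable ID from the OS CSPRNG
        self._sessions[sid] = (data if data is not None else {}, self._clock())
        return sid

    def handle_request(self, old_sid):
        """Consume old_sid; return (new_sid, data), or (None, None) if invalid."""
        entry = self._sessions.pop(old_sid, None)   # pop: the ID is single-use
        if entry is None:
            return None, None            # unknown, already used, or logged out
        data, last_seen = entry
        if self._clock() - last_seen > self._idle_timeout:
            return None, None            # idle too long; session stays removed
        return self.create(data), data   # same state, fresh ID for the next page

    def logout(self, sid):
        self._sessions.pop(sid, None)


def demo():
    now = [0.0]                          # fake clock so the timeout is testable
    store = RotatingSessionStore(idle_timeout=900, clock=lambda: now[0])
    sid1 = store.create({"user": "alice"})       # constructed sample data
    sid2, data = store.handle_request(sid1)      # page 1 -> page 2
    replay = store.handle_request(sid1)          # forwarded URL with the old ID
    now[0] += 901                                # idle past the timeout
    expired = store.handle_request(sid2)
    return sid1, sid2, data, replay, expired


if __name__ == "__main__":
    print(demo())
```

Rotation narrows the window in which a leaked ID works but does not close it: whoever presents the current ID first gets the session, so the idle timeout and logout handling still matter.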