Welcome to the archive of the old FlatPress support forum. Browse more than a decade of FlatPress wisdom! Login is disabled.

The current FlatPress support forum is available here: forum.flatpress.org
Flatpress cookies
  • Quick questions: What does Flatpress need/use the session cookie for, and can it be omitted/worked around to make Flatpress more compliant with EU Directive 2009/136/EC? (Some old grumpy suits have apparently decided that you can't set a cookie without asking the visitor for permission before setting it, and now more and more national laws includes this demand so there needs to be some solution available for the future.) The user/password cookies are not a problem, nor is storing the name/mail on those making comments as you can acquire permission to set these cookies before doing it.
  • Flatpress uses sessions for example with CAPTCHAs plugins or it uses session in the admin panel: the Smarty's var success is stored in the session to display the notify after the redirect. To check the user permission to set cookies you could write a plugin: as I remember it's possible remove headers in PHP... Or you have to overwrite che cookie so the set-cookie header is sent but with an old expiration. EDIT: I've seen that the header_remove function is available from PHP 5.3.0 :-( Otherwise you can edit the system files.
  • Thanks pierovdfn. I know that sessions are used for CAPTCHA, I was the one that started the port of the php/securecaptcha to flatpress :) I was more thinking in the line of what a *clean* install of FP uses the session cookies for, like the admin panel. Guess I'll have to dig in the code looking what's going on unless NWM has a quick answer?
  • macmathan said: Guess I'll have to dig in the code looking what's going on unless NWM has a quick answer?

    What do you mean? For the comments cookies? They're in comments.php, from line 170 to line 185 (checked into the last revision of the file). You could simply add a checkbox to comment-form.tpl and use a boolean variable called setcookie with the check if the user is logged in with an AND. I think it's the fastest way. However I think that the comments mechanism of Flatpress needs some more hooks. Quick way to found where sessions are used: find . -type f -exec grep -Hn sess {} \; This command confirmed that sessions are by default used in * Antispam plugin * Smarty validate plugin * Success after redirects in the Admin Panels * Name of uploaded files after the redirect
  • Yes, the check-box approach for comments would do nicely. I had that in mind. It wouldn't be too hard to add, even with the current hooks. It's the setting of the session cookie before being able to get a visitors permission that is the culprit, but if that cookie are used only in the above parts, none needs it at once, so I can ehm... hack the session writing a bit to delay writing it until having the visitors acknowledgement. Thanks for the help.
  • However you could also hack the session file and start session only if the user is logged in. For the captchas you can hash the answer on a hidden field so it does not use a session var. Fortunately comments don't use Smarty Validate. For the checkbox, I'm sorry but it's impossible without hooks, if your version of PHP isn't greater or equal to 5.3.0...
  • Hmm, ok. I'll sort that checkbox thing out. Quite nice idea with session only running for a logged in user. That could solve some of the issues. I know I should know this, but what parts of FP use the Smarty validates (for a not logged in user). The contact form does it, right? I'm thinking of stop using CAPTCHA anyway so that's not an issue here. The Smarty part might be.
  • macmathan said: The contact form does it, right?

    Yes, you are right... However, you can hack the page with some if and else, as comment file does. It's quite easy.
  • Add a Comment
    Start a New Discussion

    Howdy, Stranger!

    It looks like you're new here. If you want to get involved, click one of these buttons!


    In this Discussion