On Thursday, May 26, 2011 4:47:10 PM UTC+1, Eric Hutchinson wrote: > > I'm sure by now everyone's seem the total freak out over the uk cookie > law. (http://blog.silktide.com/2011/05/cookie-law-makes-most-uk- > websites-illegal-what-you-need-to-know/<http://blog.silktide.com/2011/05/cookie-law-makes-most-uk-websites-illegal-what-you-need-to-know/>) > > Since django with the > sessions middleware installed automatically sets a cookie, I believe > this violates the law? Since I have to deal with UK users, I need to > be able to prevent them from receiving cookies until they log in. How > does one do this? The problem is while the csrf cookie is allowed > under the law (i think, it's vague) it's meaningless without being > tied to the session cookie? Perhaps this makes the session cookie ok > too? Anyone have any idea?
That blog you link to appears to be a lot of scare-mongering based around a single story published in the Daily Telegraph, which itself is using it as a hook for its usual anti-European "oh look what those terrible Eurocrats have done now" stance. In particular, looking at the actual guidance, there doesn't seem to be anything wrong with the sessions middleware, since it's an essential part of making the site work. -- DR. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
