Joomla sets a session cookie. The session cookie stores a unique
string on your workstation which is then used to track you as a
"visitor" to the site. Properly behaving components will generally
store any other data associated with your session in the session
variable[though this does not work for all use cases, for example
shopping carts may need to keep their own cookie set for your shopping cart]
You can use an extension like
https://chrome.google.com/webstore/detail/kbnfbcpkiaganjpcanopcgeoehkleeck?hc=search&hcp=main
<https://chrome.google.com/webstore/detail/kbnfbcpkiaganjpcanopcgeoehkleeck?hc=search&hcp=main>
to view the active cookies.
The session cookie name is an MD5 hash of logged in username, ip
address, and some other info. So it is practically meaningless. As is
it's value. For example, on one website right now my session cookie
value is:f5fc5356924c8ed30c9bca2ac70761bf and the name is equally
meaningless.
In addition to the session cookie, if you have set the "remember me"
flag there is also a remember me cookie saved with an encrypted version
of your username and password.
Lastly, it's extremely difficult to disable these cookies... though of
course it can be done, for example:
http://www.commerce.gov/
Is a Drupal site which does not set a session cookie.
The session cookie is needed for user logon[or some really alternate
method of logon has to be used] - but for anonymous users it can be done.
On the downside, it's not done yet, as evidenced by:
http://forum.joomla.org/viewtopic.php?p=2613084
My general understanding is that when they say disclose, they don't mean
you have to specify the cookie names, you simply must specify what
cookies are set, what they are for, and how long they last. Something like:
http://www.nist.gov/public_affairs/privacy.cfm
On 9/15/2011 12:51 PM, Laura Gordon wrote:
Hi all,
Question for you, I have been told that all government sites need to
disclose all cookies that are on their website, here is my question...
How can you 'disclose this', with the number of different components
and how they all work?
so where are the cookies in:
joomla
docman
rsforms
sobi2
Anyone else on a government site, and were able to overcome this
requirement, and how?
thanks,
Laura
--
I have a new email address: [email protected]
<mailto:[email protected]>
Member of www.JoomlaNYC.org <http://www.JoomlaNYC.org>
Trainer for www.JoomlaTraining.com <http://www.JoomlaTraining.com>
Sponsor for www.JoomlaDayNYC.com <http://www.JoomlaDayNYC.com>
Come to JoomlaDayNYC.com - 2011 - October 22 & October 23
www.RytechSites.com <http://www.RytechSites.com>
Dynamic Websites for your company!
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
_______________________________________________
New York PHP SIG: Joomla! Mailing List
http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
