Possible Duplicate:
How do I comply with the EU Cookie Directive?
Under this new EU law we are not allowed to use any cookies without asking first,
I for one need to use a cookie to register the user logged on, as if not with a cookie they can log on more than once and breach the license terms of the software.
so i find myself asking what can we use instead of cookies to perform this task?
Not really an answer towards an alternative to using cookies for log on session tracking, but it seems to point to the idea that the question may be moot.
From here:
Essentially, the EU’s directive stated that websites would have to obtain informed and explicit consent from their visitors through notifications every time a cookie is to be placed on their machine. The only exception is for cookies strictly necessary for the legitimate purpose of enabling the use of an explicitly requested service.
I would think that the exception covers the need for session-tracking cookies; as in 'strictly necessary' to access the service(s) of your site.
Disclaimer: I'm Not A Lawyer, and I don't live in the EU. :)
You can add a session identifier to a hidden field in all pages or to the URL.
You could also ask all existing users for permission to use cookies and add a new cookie clause to your license.
It might be less expensive to drop non-compliant customers that to recode your site.
I guess you could resort to something like evercookie, but without the actual cookie and just use the other techniques.
My laymans interpretation says you can place cookies on someones machines if they explicitly request for you to render them a service and the cookie is required for the service to function. Like clicking the Login button on a web page. It is trying to exclude secret cookies that the users didn't ask for and don't know exist.
This would be a useless law in the US, as every advertiser would argue that clicking on the link to load the page would be explicitly requesting the ads on the page, and that the cookies they place on your machine were explicitly requested with the simple action of visiting a URL. EU might be different, it looks pretty technically un-enforceable to me.
If this really an issue for your site then host it somewhere outside of the EU. The last time I checked the EU cannot control the entire internet.
