Advertisement:

Author Topic: GDPR Compliance and Osclass script  (Read 8900 times)

Aficionado

  • issues
  • Hero Member
  • *
  • Posts: 6240
  • Hardliner
Re: GDPR Compliance and Osclass script
« Reply #105 on: April 14, 2018, 12:51:34 am »
Thank you @marius and @calinbehtuk for the time you spend to talk about all that.


marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #106 on: April 14, 2018, 12:55:32 am »
Aficionado,

https://support.google.com/analytics/answer/6004245

Google Analytics cookies

Google Analytics mainly uses first-party cookies to report on user interactions on Google Analytics customers’ websites.

For customers who use Google Analytics Advertising Features, Google advertising cookies are used to enable features, such as Remarketing, for products like AdWords on the Google Display Network. For more information about how Google uses advertising cookies, visit the Google Advertising Privacy FAQ. To manage settings for these cookies and opt-out of these features, visit the Ads Settings.

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #107 on: April 14, 2018, 12:59:47 am »

But still. what do you think about 2 way crypting to insert datas into the apparently random cookie nameValue(I'm not saying that osclass does this, but a random string can hide some datas... and that means that session cookie is under GDPR).

Here i can't tell you anything about that. I know that osclass store in session for visitors some data but this data cannot be used to identify a person, in this data is no ip or email, so i think that is no issue if this cookie is created in the vistor browser with the session id.

I was talking in general way...it could be possible.... and when a non IT entity finds out that is possible, those cookies also will be included.

You have more experience than me, if you don't start the session with session_start() or if session.auto_start is set to 1 https://secure.php.net/manual/en/intro.session.php  can you work on the db OOP way like osclass does? I gues not, am I right?
EDIT
I've read that you can't use $_SESSION global array then...so I gues the site won't show even the homepage as it checks to see if the user is logged in in header and footer in order to show register/login instead of my account and log out.

Edit again.
I tested with cookies disabled and deleted in browser. Besides that login is not working, the site seems fine. This is good news.
« Last Edit: April 14, 2018, 01:45:46 am by marius-ciclistu »

Aficionado

  • issues
  • Hero Member
  • *
  • Posts: 6240
  • Hardliner
Re: GDPR Compliance and Osclass script
« Reply #108 on: April 14, 2018, 03:17:34 am »
Some more data for reading, especially the comments:

https://make.wordpress.org/core/2018/03/28/roadmap-tools-for-gdpr-compliance/

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #109 on: April 16, 2018, 09:08:17 pm »
What do you know about the cookie from gcs custom search?

Aficionado

  • issues
  • Hero Member
  • *
  • Posts: 6240
  • Hardliner
Re: GDPR Compliance and Osclass script
« Reply #110 on: April 20, 2018, 04:36:10 pm »
Only a month is left and still not a SINGLE information from Osclass team about GDPR.

Not enough time to do anything. I'm a bit sceptical about all this.

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #111 on: April 20, 2018, 09:18:31 pm »
Aficionado, have you seen some new info about the seesion's cookie?

Aficionado

  • issues
  • Hero Member
  • *
  • Posts: 6240
  • Hardliner
Re: GDPR Compliance and Osclass script
« Reply #112 on: April 20, 2018, 09:35:27 pm »
Aficionado, have you seen some new info about the seesion's cookie?

No, i did not. Please post here any important information.


marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #113 on: April 20, 2018, 09:41:29 pm »
I still wait to see/read clarification about that cookie.... And I don't know what to do about it...
For gcs and g analytic it's clear. Load only after user accept.

muratbora

  • Full Member
  • ***
  • Posts: 197
Re: GDPR Compliance and Osclass script
« Reply #114 on: April 22, 2018, 12:01:17 pm »
How do you do loading G Analystic after user accept? is it not loading automatically as soon as user visit your site?

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #115 on: April 22, 2018, 12:50:14 pm »
By putting the g a code into a function that gets called with an onclick event via an accept button. For this you must place that script in footer, not just enter your g a code in admin for example.


marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #116 on: April 22, 2018, 04:47:30 pm »
I forgot. In order to not show that button in all pages after one accept, you can store that info in SESSION global and with an if load that function on pageload or via accept button.

Edit. Or you can set a cookie instead of that session :))))

After I'll make this for me, I'll share the mods needed for g a here. I still wait for infos about the session cookie.
« Last Edit: April 22, 2018, 04:58:52 pm by marius-ciclistu »

teseo

  • Hero Member
  • *****
  • Posts: 6169
Re: GDPR Compliance and Osclass script
« Reply #117 on: April 23, 2018, 02:04:48 pm »
Hi,

That Osclass session cookie contains a random code needed to bind the browser to an internal session file (sess_[random_code]).

This session file contains sensitive data when the visitor is logged in or (temporarily) when they are posting an ad anonymously.

Regards

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1540
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #118 on: April 23, 2018, 04:32:27 pm »
Hi,

That Osclass session cookie contains a random code needed to bind the browser to an internal session file (sess_[random_code]).

This session file contains sensitive data when the visitor is logged in or (temporarily) when they are posting an ad anonymously.

Regards

Hi. So in your opinion it's under GDPR or not?

teseo

  • Hero Member
  • *****
  • Posts: 6169
Re: GDPR Compliance and Osclass script
« Reply #119 on: April 23, 2018, 04:57:53 pm »
I don't know, this is a very tricky matter. ???

Session files should be temporary, but for instance, if a logged-in user doesn't logout and just closes the browser, sensitive data would still remain there.

The main problem is that once the browser is closed, you as admin don't have a way to identify that given session file, so I guess you should add a cronjob to delete all session files older than 1 day.

Regards