EU Cookies Permission Script
Starting Sat May 26th, 2012, the new (2009) EU Cookie Rules law goes into affect. This rule states that website owners of sites owned by EU companies and private individuals, are required to obtain permission from their visitors before they can place cookies onto the visitors computers.
This is a pretty clueless law, as many websites simply won't function without the use of cookies. If the visitor who really already has control over what cookies they accept via their browser, decides to not permit a site to use cookies, many websites simply won't function.
After looking at a number of Jquery and other similar implementations, I came up with a system that I would use, should I have been required to adhere to this rule (I am not as I am a US site). This system takes the approach that if a visitor does not grant permission to the site to use cookies, there is no access available.
Downloads
Coming in Version 2.0
- Capture of original page so that after approval, the visitor is sent on to the original page they were heading to
- Additional checks for robots.
- New ability to white list hostnames and IP and IP blocks for bypass
Sample Screen
You can of course modify the script and the built in style, but the default script looks like:
click to enlarge
Note that if you change the Permission Cookie name in the script, you will need to adjust the script snippet above to match.
How it works.
This process assumes you are using a site with PHP capabilities.
Basically, the website places code in a central code segment of the website. For my site this is a specific index.php script through which all website access flows through. Others it might be a configuration file, or for systems like SMF forums, smf/index.php is the key file.
The "Permission Cookie"
The permission cookie that this sample system uses is named "permission_cookie".
Inserting the Redirect Code Hook
In these files you insert a small code segment before moving forward with the connection. This section of code looks like:$okay =0;
// No... lets see if this is a spider/crawler or bot
if (isset($_SERVER['HTTP_USER_AGENT'])) {
if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),"bot" ) !==FALSE ||
strpos(strtolower($_SERVER['HTTP_USER_AGENT']),"spider" ) !==FALSE ||
strpos(strtolower($_SERVER['HTTP_USER_AGENT']),"crawler" ) !==FALSE) {
// YES Lest set Okay
$okay= 1;
}
}
// Not a bot, so we send them to our cookie permission page
if(!$okay) {
header("Location: /cookies.php");
exit;
}
}
- If the Permission Cookie exists.
- If the visitor looks like a search bot/crawler or spider (lets them pass)
- and if not, forces the visitor to the cookies.php script to ask them for permission.
The cookies.php Script
A basic cookies permission script has been created using PHP that contains a basic script that is used by this process to display the notice to the user and obtain permission from them. If permission is granted, a "Permission Cookie" is placed on the visitor's computer with a 1 year expiration. If permission is denied (or the script is called with a denied call), the "Permission Cookie" is removed if it exists.
If the user declines the permission, they basically are stuck at this script. Attempts to gain access to the main site will send them back to the Permission Page.
Declining the Cookie
If after the fact, the visitor wants to remove the permission cookie, you can create a link on your website which will undo this. The link should look like:Adjusting the Script
The following variables are in the sample script and can be modified to make it fit into your system.
| Variable Name | Purpose |
|---|---|
| $SITE['timezone'] | Change the timezone to match your location |
| $SITE['homepage'] | What is the main page to send the user when they agree |
| $SITE['pcookie'] | Name of the Permission Cookie |
| $SITE['pcookietm'] | How long before the cookie should expire |
| $SITE['pagetitle'] | Page title of the cookies.php page |
| $SITE['charset'] | What Char set |
| $SITE['desc'] | Meta Description to use for the Page |
| $SITE['keys'] | Meta Keys for the page |
| $SITE['favicon'] | Location of the Favicon.ico file |
| $SITE['gwebmaster'] | Google Webmaster code (if you use one |
Inserting the Hook Code into specific packages
The following are examples of where you can place the redirect code snippet for various software systems.