[joomla] question about cookies in joomla

Laura Gordon rytech123 at gmail.com
Thu Sep 15 14:49:42 EDT 2011


Gary,
Thanks for your reply!  Do you know if this session cookie only applies when
you are logged in to the system, or is it always enabled?

Only administrators log in, not the general public.

thanks,
Laura

On Thu, Sep 15, 2011 at 1:43 PM, Gary Mort <garyamort at gmail.com> wrote:

>  Joomla sets a session cookie.    The session cookie stores a unique string
> on your workstation which is then used to track you as a "visitor" to the
> site.  Properly behaving components will generally store any other data
> associated with your session in the session variable [though this does not
> work for all use cases, for example shopping carts may need to keep their
> own cookie set for your shopping cart].
>
> You can use an extension like
> https://chrome.google.com/webstore/detail/kbnfbcpkiaganjpcanopcgeoehkleeck?hc=search&hcp=main
> to view the active cookies.
>
> The session cookie name is an MD5 hash of logged in username, IP address,
> and some other info.  So it is practically meaningless.  As is its value.
> For example, on one website right now my session cookie value
> is: f5fc5356924c8ed30c9bca2ac70761bf and the name is equally meaningless.
>
> In addition to the session cookie, if you have set the "remember me" flag
> there is also a remember me cookie saved with an encrypted version of your
> username and password.
>
> Lastly, it's extremely difficult to disable these cookies...  though of
> course it can be done, for example:
> http://www.commerce.gov/
> Is a Drupal site which does not set a session cookie.
>
> The session cookie is needed for user logon [or some really alternate method
> of logon has to be used] - but for anonymous users it can be done.
>
> On the downside, it's not done yet, as evidenced by:
> http://forum.joomla.org/viewtopic.php?p=2613084
>
> My general understanding is that when they say disclose, they don't mean
> you have to specify the cookie names, you simply must specify what cookies
> are set, what they are for, and how long they last.  Something like:
> http://www.nist.gov/public_affairs/privacy.cfm
>
>
> On 9/15/2011 12:51 PM, Laura Gordon wrote:
>
> Hi all,
>
> Question for you, I have been told that all government sites need to
> disclose all cookies that are on their website, here is my question...
>
> How can you 'disclose this', with the number of different components and
> how they all work?
>
> so where are the cookies in:
> joomla
> docman
> rsforms
> sobi2
>
> Anyone else on a government site, and were able to overcome this
> requirement, and how?
>
> thanks,
> Laura
>
> --
> I have a new email address: rytech123 at gmail.com
>
> Member of www.JoomlaNYC.org
> Trainer for www.JoomlaTraining.com
> Sponsor for www.JoomlaDayNYC.com
>
> Come to JoomlaDayNYC.com - 2011 - October 22 & October 23
>
> www.RytechSites.com
> Dynamic Websites for your company!
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



-- 
I have a new email address: rytech123 at gmail.com

Member of www.JoomlaNYC.org
Trainer for www.JoomlaTraining.com
Sponsor for www.JoomlaDayNYC.com

Come to JoomlaDayNYC.com - 2011 - October 22 & October 23

www.RytechSites.com
Dynamic Websites for your company!
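
Added example, not part of the thread and not Joomla code: one way to build the kind of inventory the quoted reply describes (what cookies are set and how long they last) from recorded Set-Cookie headers. The sample headers, the cookie names `example_remember` and `example_cart`, and the 32-hex-character heuristic for a hash-named session cookie are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: Set-Cookie headers as recorded while browsing a site.
# Names, values and dates are made up; OBSERVED is when they were received.
OBSERVED = datetime(2011, 9, 15, 17, 43, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "0123456789abcdef0123456789abcdef=fedcba9876543210fedcba9876543210; path=/",
    "example_remember=PLACEHOLDER; expires=Sat, 15 Sep 2012 17:43:00 GMT; path=/; HttpOnly",
    "example_cart=42; Max-Age=86400; path=/shop",
]

def parse_set_cookie(header, observed):
    """Return the cookie name, its lifetime in seconds and its flags.

    A lifetime of None means no Expires/Max-Age was sent, so the cookie
    ends with the browser session.
    """
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    lifetime, flags, max_age_seen = None, [], False
    for attr in attrs:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "max-age":            # Max-Age takes precedence (RFC 6265)
            lifetime, max_age_seen = int(val), True
        elif key == "expires" and not max_age_seen:
            expires = parsedate_to_datetime(val.strip())
            lifetime = int((expires - observed).total_seconds())
        elif key in ("secure", "httponly"):
            flags.append(key)
    return {"name": name, "lifetime_s": lifetime, "flags": flags}

def inventory(headers, observed):
    """One row per cookie name; a later header for a name replaces an earlier one."""
    rows = {}
    for header in headers:
        row = parse_set_cookie(header, observed)
        row["kind"] = "session" if row["lifetime_s"] is None else "persistent"
        # Assumption: a 32-hex-char name is a hash-named session cookie, so the
        # disclosure should describe its purpose rather than list the name.
        row["hash_named"] = bool(re.fullmatch(r"[0-9a-f]{32}", row["name"]))
        rows[row["name"]] = row
    return list(rows.values())

if __name__ == "__main__":
    for row in inventory(SAMPLE_HEADERS, OBSERVED):
        label = "(hash-named)" if row["hash_named"] else row["name"]
        print(f'{label:18} {row["kind"]:10} {row["lifetime_s"]} {row["flags"]}')
```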