SSL Labs Score

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× Extension Discussions

EU e-Privacy Directive

More
1 year 3 months ago #63 by michael
michael created the topic: EU e-Privacy Directive
EU e-Privacy Directive 2.14
Overview
The EU passed the EU e-Privacy Directive...

EU e-Privacy Directive 2.14

Overview

The EU passed the EU e-Privacy Directive in 2002 and made many webmasters very nervous.  Modern web applications rely on cookies for a number of reasons.  Joomla itself sets a session cookie immediately upon the first visit to a site.  There is no facility within Joomla to suppress cookies, so the EU e-Privacy Directive extension was created to fill this need.

There are quite a few Joomla extensions created to deal with the requirement - however, very few of them actually block the cookies prohibited by this law.  The law itself is ambiguous about "strictly necessary" cookies without detailing what is "strictly necessary."  Rather than fall victim to an interpretation, this extension takes a hard line and blocks ALL cookies.

Read more about it here: https://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications

 

Installation

  1. Download EU e-Privacy Directive from the RicheyWeb download page.  
    • This page will remain unlinked, as the link may change in the future.  Visit http://www.richeyweb.com and use the search feature - search for "EU e-Privacy Directive".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled.  You can find the extension by going to the Extensions menu and selecting "Plugins" or "Modules".  When in the plugin/module manager, search for "directive".

 

Configuration

Module Configuration

The module needs to be placed in a prominent position within the page. This module provides output for each of the different display types (except the cookie blocker, which doesn't require the module at all).

In the Beez5 template, it works well to put it into position-12 - which is just above the system message area. So, put it somewhere near the top, somewhere it can be easily seen. Additionally, the Menu Assignment for the module should be set to "On All Pages", otherwise the cookie acceptance options might not be available on some pages.

Because some template positions do not display module titles, the only option within module configuration is an option to display the title within (above) the cookie message. This setting is only applicable to the "Joomla Module" display option selected within the plugin configuration.

Additional module configurations can be found within the plugin configuration.

Plugin Configuration

Your plugin will present 5 options to display the cookie acceptance message - as well as a 6th option which displays no message, but blocks all cookies.

A quick note about the "System Message" option. Many reports were made regarding the messages not being displayed in some templates. Almost all (if not all) of the template frameworks pull shenanigans with the system messages - and as a result, they don't always display. This includes templates by Artisteer, those using the T3 and the Gantry frameworks, and possibly others. The "System Message" option is only provided here for those who had success with it. All others, I would suggest using the "Joomla Module" option to get the same type of output.

It is recommended that administrators test each of the output types to determine what will work best for their site. As you select each display option, you'll notice that the configuration options change. Only configuration options applicable to the display option are displayed.

3rd Party Cookies

Third party cookies are difficult to deal with, because of the way Joomla operates.

If your server runs PHP 5.3 or greater and PHP Reflection is included with your PHP installation, then you have some options for preventing 3rd party cookies. Those on GoDaddy Shared Hosting - add "AddHandler x-httpd-php5-3 .php" to your .htaccess file and you'll be switched to PHP 5.3 with the proper Reflection classes.

The plugin configuration will inform you if your server is not capable of handling this configuration. Within the "Advanced Options" slider, look for this message "Your system lacks the PHP Reflection classes; as a result, this feature is not available on your server."

If you don't see that message, then you'll be presented with an option to select a "View Level". Stop here, you have some configuration to do within the "User Manager".

For 3rd party cookie blocking, this plugin dynamically assigns an access level to the user session when they accept cookies. Plugins and Modules assigned to that access level are then displayed to the user. So, in order to make this configuration, you'll need to have a special access level.

  1. Go to the User Manager.
  2. Enter the "User Groups" from the pill menu.
  3. Create a new User Group - call it whatever you like - perhaps something descriptive like "Accepted Cookies"
    1. Leave the group parent "Public"
    2. Save and Close.
  4. Enter "Viewing Access Levels" from the pill menu.
  5. Create a new Access Level - call it whatever you like - perhaps something descriptive like "Accepted Cookies".
    1. Check the box for the "Accepted Cookies" group.
    2. Save and Close.

Now, go into the EU e-Privacy Directive plugin configuration, and within the "Advanced Options", choose the new access level you just created.

Finally, edit the configuration for each of your modules and plugins that set cookies - and set their access level to the new level you created. You may even consider setting your login module to the new access level - because users will be unable to log in until they've accepted cookies.

GeoPlugin

Using GeoPlugin, it's possible to only display the cookie option to uses who are located in EU countries. With the options turned off - the acceptance message is displayed to all visitors.

Before enabling this option - you should sign-up for a free account with http://www.GeoPlugin.com. Once you've registered your domain, turn the "Use GeoPlugin" option to Yes.

For those concerned that their 3rd party configurations will be lost for users not in the EU, when the GeoPlugin is enabled - if a user is determined to be outside of the EU - they are automatically given the cookie access level.

Acceptance Logging

Some EU states require that when a user accepts cookies - the site operator log that decision.

In "Advanced Options" set "Log Acceptance" to Yes and any acceptance will be logged. The table contains fields id, ip, country, accepted. The ID is a unique id - it doesn't really mean anything. IP is the IP address of the user accepting. If GeoPlugin is enabled - the country field is populated with the data retrieved from the GeoPlugin API. Accepted is the date/time when the user accepted.

If you are ever required to prove that a user accepted, this record should suffice.

HELP

  • I can't click the "Accept" or "Deny" buttons!

100% of the time, this is caused by a z-index value in the template.  Some portion of the template is z-indexed above the buttons preventing them from being pressed.  Try switching to another display method (such as the Modal), or contact your template developer.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Kunena Forum