The cookies that facilitate interaction with a user, particularly a logged in user are provided as part of the functionality of MediaWiki, the open source software that this wiki runs on. These cookies may allow personalization for a logged in user. Third-party cookies provided by Google Inc are used to monitor site activity.
A HTTP cookie is a piece of text data (file) stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago. Typically, they contain at least two pieces of information: a site name and unique user ID. Other text may be appended but is not interchanged externally once created. However what was created might have been sent from the server so the server can cross reference back using the unique user ID.
Are text files that allow a site to link the actions of a visitor during a single browser session. They are not stored long term and are usually considered "less privacy intrusive" than persistent cookies.
These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.
A cookie is classed as being first-party if it is set by the site being visited. This is termed the domain, which can also relate to subdomains. It might be used to study how people navigate a site.
It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.
These mainly relate to tracking cookies and especially third-party tracking cookies that have been commonly used as way to compile long-term records of individuals' browsing histories. It is not known if the third-party tracking cookies used on Ganfyd could be used in this way as Ganfyd has had no control over their content and the way they have actually been used, independent of why they were installed on the website to monitor usage. It is suspected that users have minimum to fear in this regard as the third party chosen by Ganfyd would suffer legally, reputationally and commercially if it failed to comply with European privacy regulations.
Paradoxically the only way to easily remove a default message on cookies to stop it annoying users is to set a cookie !. In any case since we rely on external software and modifing this software to create a persistent cookie is not trivial and would have to be done at each upgrade for the moment we have a persistent message on cookies.
- The Wiki cookies are :
- wikidbLoggedOut - contains time logged out : 2 day expiry
- wikidb_session - login session current : expires end session
- wikidbUserID - numeric id if you log in : 1 month expiry
- wikidbUserName - your log in name : 1 month expiry
- The third party cookies are (more details at Google analytics cookies):
- __utma - captures alot of time related activity : 2 year expiry
- __utmb - captures some time related activity : Day expiry
- __utmc - session data : Session expiry
- __utmz - captures refer url : 6 month expiry
A definitive specification for cookies was published as RFC 6265 in April 2011. Browsers are designed to handle cookies as securely as possible. It is recommended on general grounds that you use Ganfyd with an up to date browser as historically some browsers had problems in how they handled cookies. Browsers are now designed to cope with cookie lengths of up to four kilobytes, and at least 20 cookies per server or domain.
Cookies have a name–value pair (cookie crumb), but HTTP servers can also set several other cookie attributes:
- Cookie domain
- A path
- Expiration time or maximum age
- Secure flag
- HttpOnly flag.
Browsers will not send cookie attributes back to the server. They will only send the cookie’s name-value pair. Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie (name-value pair) to the servers.
Do Not Track
As of 2012 there is no agreed standard although the major browsers will all have implemented this feature by year end. The Website DoNotTrack provides more details. Microsoft has a test page which illustrates the multiple different implementations that exist. We would have to alter our wiki PHP code and in the past we have run into upgrade issues when we have done this. Reference server side code exists.
- The user is provided information about how this data is used;
- The user is given the possibility of denying this storing operation. However, this article also states that storing data that is necessary for technical reasons is exempted from this rule.
The UK law changed on 26 May 2011 with implementation on 26 May 2012. Guidance based on these laws says:
- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
To comply with this requirement a default site notice about cookies was added to every page on 25 May 2012. We apologise if this impairs the user experience for those more used to accessing web pages from other jurisdictions.