On Tue, Mar 11, 2014 at 10:33 PM, rupert THURNER rupert.thurner@gmail.comwrote:
Am 10.03.2014 17:01 schrieb "Manuel Schneider" < manuel.schneider@wikimedia.ch>:
Am 10.03.2014 16:54, schrieb Chris Steipp:
- catch the click on the "Login" link to show a banner first to ask
for
the users consent, on acceptance forward the user to the login page
- modify the login process to set the cookie after the actual login
and
put an additional text on the login page like "by logging in I accept the usage of cookies by this website"
The cookie on the login page is for the anti-csrf (and captcha if
needed)
validation, so getting rid of it would be problematic from a technical perspective (or would require a second click on the login page).
Thanks Chris for this comment.
So that leaves us with option 1) - a javascript banner. I think that shouldn't be too hard to implement.
A <div> which hovers over the Wiki page, the text, two buttons [accept] / [leave]. Accept points to Special:Userlogin, leave just closes the
banner.
A javascript that shows this <div> onclick() on the Login link, if no cookie has already been set by the Wiki.
Maybe even a LocalSettings.php variable $wgApproveCookies = true; that is true by default and allows admins of internal company wikis etc. to disable that banner.
As an option we could even add another setting $wgApproveCookiesAlways, which makes the same <div> to show up as soon as a user enters the wiki. That way we can support admins that have further extensions installed in their wiki which add cookies right away - like Google Analytics.
Is there any technical argument against this proposal?
Rupert
What's the fallback for users without JavaScript enabled in this scenario?
Remco