On Tue, Mar 11, 2014 at 10:33 PM, rupert THURNER
<rupert.thurner(a)gmail.com>wrote;wrote:
Am 10.03.2014 17:01 schrieb "Manuel
Schneider" <
manuel.schneider(a)wikimedia.ch>gt;:
Am 10.03.2014 16:54, schrieb Chris Steipp:
>> 1) catch the click on the "Login" link to show a banner first to ask
for
>> the users consent, on acceptance forward
the user to the login page
>>
>> 2) modify the login process to set the cookie after the actual login
and
> put
an additional text on the login page like "by logging in I accept
> the usage of cookies by this website"
> The cookie on the login page is for the anti-csrf (and captcha if
needed)
validation, so getting rid of it would be problematic from a technical
perspective (or would require a second click on the login page).
Thanks Chris for this comment.
So that leaves us with option 1) - a javascript banner. I think that
shouldn't be too hard to implement.
A <div> which hovers over the Wiki page, the text, two buttons [accept]
/ [leave]. Accept points to Special:Userlogin, leave just closes the
banner.
A javascript that shows this <div>
onclick() on the Login link, if no
cookie has already been set by the Wiki.
Maybe even a LocalSettings.php variable $wgApproveCookies = true; that
is true by default and allows admins of internal company wikis etc. to
disable that banner.
As an option we could even add another setting $wgApproveCookiesAlways,
which makes the same <div> to show up as soon as a user enters the wiki.
That way we can support admins that have further extensions installed in
their wiki which add cookies right away - like Google Analytics.
Is there any technical argument against this proposal?
Rupert
What's the fallback for users without JavaScript enabled in this scenario?
Remco