Am 10.03.2014 16:54, schrieb Chris Steipp:
- catch the click on the "Login" link to show a banner first to ask for
the users consent, on acceptance forward the user to the login page
- modify the login process to set the cookie after the actual login and
put an additional text on the login page like "by logging in I accept the usage of cookies by this website"
The cookie on the login page is for the anti-csrf (and captcha if needed) validation, so getting rid of it would be problematic from a technical perspective (or would require a second click on the login page).
Thanks Chris for this comment.
So that leaves us with option 1) - a javascript banner. I think that shouldn't be too hard to implement.
A <div> which hovers over the Wiki page, the text, two buttons [accept] / [leave]. Accept points to Special:Userlogin, leave just closes the banner. A javascript that shows this <div> onclick() on the Login link, if no cookie has already been set by the Wiki.
Maybe even a LocalSettings.php variable $wgApproveCookies = true; that is true by default and allows admins of internal company wikis etc. to disable that banner.
As an option we could even add another setting $wgApproveCookiesAlways, which makes the same <div> to show up as soon as a user enters the wiki. That way we can support admins that have further extensions installed in their wiki which add cookies right away - like Google Analytics.
/Manuel