Cookies that are crucial for the functioning of the website cannot be disabled by the user.
Comment on They tried
DeriHunter@lemmy.world 1 year ago
Serious question: I know that there are tracking cookies and the user should be able to decline those,but most sites have an auth cookie that stores you’re credentials. The devs can store it in a different place like local storage but thats really unsecured.what can the devs do in this situation when the user decline all cookies?
fosforus@sopuli.xyz 1 year ago
sip@programming.dev 1 year ago
well, they can be disablef by the user and the site simply won’t work.
shasta@lemm.ee 1 year ago
He means they are exempt from the EU law that says the use must be presented with the option to disable it
Phen@lemmy.eco.br 1 year ago
The eu rules are mostly about unnecessary cookies. Most web devs just copied whatever everyone else was doing and now there’s this standard of having to accept cookies but the EU doesn’t really enforce it like that
dzire187@feddit.de 1 year ago
it’s not up to the EU to enforce it.
heeplr@feddit.de 1 year ago
not sure why you’re downvoted. of course member states enforce it.
KevinNoodle@lemmy.world 1 year ago
Usually the prompts are specifically for tracking cookies, not essential ones for login. Alternatives without cookies:
- URL sessions
- Tokens
- OAuth/OIDC third party
- Local/Session Storage (ditto - mind the risks)
nothacking@discuss.tchncs.de 1 year ago
The GDPR is not “cookie law”, it only prohibits tracking users in a way not essential to the operation of the site using locally stored identifiers (cookies, local storage, indexed DB…)
Storing a cookie to track login sessions, or color scheme preference does not require asking the user or allowing them to decline.
smileyhead@discuss.tchncs.de 1 year ago
What the dev can do if user decline processing of personal data is not store such personal data in cookies or anywhere.
Or even better, do not track the user so the consent would only be needed in for example registration form.
GuroGuru@lemmynsfw.com 1 year ago
The EU is not stupid. They categorized cookies into the necessary ones for site-usage and those that aren’t. So developers just categorize their session cookie (rightfully) as necessary and that’s it.