0

I have a site developed in php that only uses $_SESSION to store user information temporarily while they are logged in. Does using $_SESSION require the site to get user acceptance of "cookies" to comply with the EU cookie law?

UPDATE: My question is different to me. Note the key words "required" and "EU" in my question versus "acceptable" and "UK" in the previous question. The answers in the previous question are opinions only on legal compliance in the UK but include very useful information that will allow me to research my European Union (EU) question further. Thank you for providing reference to that question.

N'Bayramberdiyev
  • 5,936
  • 7
  • 27
  • 47
SteveR
  • 1
  • 1
  • `session` is a `session` and a `cookie` is also independent. you can set a `cookie` as you can set a `session` –  Aug 20 '19 at 20:12
  • I'm not a lawyer but I'd say they don't ([source](https://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm)). – Álvaro González Aug 21 '19 at 18:05
  • How does php know what session variables belong to which user? By setting a cookie. However, using cookies in itself doesn't mean you have to have the popup, most just default to it. – Matsemann Aug 21 '19 at 18:15
  • I'm voting to close this question as off-topic because it's a legal question, not a programming one. – miken32 Aug 21 '19 at 19:20
  • I had assumed you were referring to **session cookies** (e.g. `PHPSESSID`) but in fact it isn't clear in the question and I seem to be the only one who understood that. I suggest you edit the question and clarify that bit. – Álvaro González Aug 22 '19 at 07:55

1 Answers1

0

No you don't need. The reason is, session is only valid for the time is programmed to live and cannot be read by anyone except your server. Cookies on the other hand, stay at your hard drive as long as you don't clear your history, and they can be retrieved by other sites / systems and obtain your info stored (as you already have noticed Facebook doing?).

Marco
  • 2,757
  • 1
  • 19
  • 24
  • 1
    Thank you. This answers my question. I am also able to verify that my site's $_SESSION variables in one browser are not accessible by a second browser on the same PC. I consider the question closed. – SteveR Aug 27 '19 at 18:23
  • Thanks, if you cank mark as accepted answer this helps Stack Overflow. Glad i could help you! – Marco Sep 12 '19 at 19:52