History: Overview of Cookies Used in Tiki
Preview of version: 12
Overview of Cookies Used in Tiki
List of cookies and consent requirements
Here is the list of cookies along with whether they require user consent and their duration:
"Duration: default" means that it is a session cookie, and it will expire once the session ends.
- 1 comments.php
The cookie is set twice without consent.
Duration: default
Name: comzone
Use: The cookie value determines whether the comments section should be shown or hidden.
- 2 tiki-discount.php
The cookies are set once without consent.
Duration: default
Name: tabs
Use: The tabs cookie is used to store the current tab that the user is viewing in the discount management interface.
- 3 tiki-login.php
The cookie is set once without consent.
Duration: defined in $prefs'remembertime'
Name: the cookie name is dynamically generated based on the site's configuration to avoid naming conflicts when multiple Tiki installations are on the same domain.
Use: this cookie allows users to remain logged in even after closing the browser, as long as the cookie is valid and hasn't expired.
- 4 tiki-setup_base.php
The cookie is set once without consent.
Duration: 1 year
Name: Dynamic value from $extra_cookie_name
Use: Used to confirm that the current user is indeed the owner of the session.
- 5 tiki-setup.php
The cookies are set once, require consent, and get deleted as per the user's preference.
- 6 lib/tiki-js.js
The script creates a custom `setCookie` function with the following features:
- Checks if the cookie already exists to avoid duplication.
- Handles expiration by defaulting to one year or session cookies.
- Integrates consent management by using an alternative storage mechanism (`tiki-cookie-jar.php`) when cookies are not allowed. If the alternative fails, it falls back to setting cookies in the browser directly.
In this file, the cookies are set once without consent.
Name: The name of the cookie is generated based on the data-name attribute of the .tabs element within the tab container. So, whatever value is stored in the data-name attribute of the .tabs element becomes the cookie's name.
Duration: Expires as soon as the browser is closed as its a session based cookie.
- 7 lib/tikiaccesslib.php
The cookies are set once.
Duration: The duration of this CSRF cookie is set to 0, which means it is a session cookie. The cookie is temporary and is automatically deleted when the user closes their browser.
Name: The cookie name is generated by appending '_CSRF' to the session name, which is obtained using session_name()
Use: This cookie helps in CSRF protection by verifying the token during form submissions or sensitive actions.
- 8 lib/tikilib.php
The cookies are set once without consent.
Duration: 300 days
Name: The name of the cookie is dynamically generated using the poll ID.
Use: This cookie helps manage voting sessions and ensures that the same user/IP doesn't vote more than once in a poll.
- 9 lib/userslib.php
This code deletes an existing cookie.
Duration: When the user logs out, the function sets the cookie to expire immediately. This is achieved by setting a negative expiration time.
Name: The cookie name is stored in the global variable $user_cookie_site.
Use: The purpose of this cookie is to store session or authentication information related to the user’s login state. During logout, the cookie is cleared to ensure the user is logged out properly.
- 10 - lib/banners/bannerlib.php
The cookies are set once without consent.
Duration: 90 days (or until a specified date).
Name: The cookie is named dynamically based on the banner's zone.
Use: Tracks the user's impressions (views) of the banner using a cookie, and limits views if a maximum is specified.
- 11 lib/ckeditor_tiki/tiki-ckeditor.js
The cookie is set three times, in two different part of the code, without consent.
Duration: The cookie is set to last for the duration of the session. This means it will be cleared once the browser session ends.
Name: wysiwyg_inline_edit
Use: This cookie is used to track whether the inline editing mode for the page is enabled or disabled. It helps maintain the state of the page (whether it's in editing mode or not) across different actions.
- 12 lib/comments/commentslib.js
The cookies are set three times without consent.
Duration: default
__Name: anonymous_name, anonymous_email, anonymous_website.
Use: These cookies are used to store the user's anonymous name, email, and website when they submit a comment. The goal is to remember these details so the user doesn't need to re-enter them the next time they comment.
- 13 lib/jquery_tiki/tiki-admin.js
The cookies are set once without consent.
Duration: default
Name: sidebar_collapsed
Use: The cookie sidebar_collapsed is set when the sidebar is collapsed, storing the value "y". When this cookie is present, the sidebar remains collapsed even after the user refreshes or revisits the page. If the cookie is deleted (when the sidebar is expanded), the sidebar returns to its expanded state.
- 14 lib/jquery_tiki/tiki-connect.js
The cookies are set once without consent.
Duration: The cookie lasts for the duration of the browser session and is deleted when the browser is closed.
Name: show_tiki_connect
Use: The cookie tracks whether the "Connect Feedback" option is enabled or disabled in the admin interface elements.
- 15 lib/jquery_tiki/tiki-jquery.js
Multiple cookies set without any consent. Most of them here save user preferences related to the User Interface, improving user experience without requiring them to reset preferences every time.
Duration: default
1. Name: fgalKeepOpen
Use: To remember if a gallery or section should remain open based on the #keepOpenCbx checkbox state.
2. Name: Depends on the foo and section parameters passed to hide() and show() functions.
Use: To remember the visibility state of specific elements. The cookie stores whether an element is hidden ("c") or shown ("o").
3. ...
- 16 lib/setup/javascript.php
The script sets multiple cookies, does not request consent.
1. Name: javascript_enabled
Duration: Approximately 1 year (365 days). It sets the cookie with an expiry of one year in milliseconds.
Use: This cookie is used to ensure that JavaScript is enabled for better site functionality.
2. Name: javascript_enabled_detect
Duration: 1 year
Use: This cookie counts the number of detection attempts. The goal is to stop checking after three failed attempts (i.e., when JavaScript remains undetected).
3. Name: runs_before_js_detect
Duration: This cookie is deleted upon detection.
Use: This was a legacy cookie used in older versions of Tiki to track the number of times JavaScript detection was attempted. It is no longer in use, and the code deletes this cookie.
Key Behavior:
If JavaScript is enabled, the system sets the javascript_enabled cookie to y and updates
the preference.
If JavaScript is disabled, or the detection fails after three attempts, the system sets
the preference to n and stops further attempts to detect it.
- 17 lib/smarty_tiki/BlockHandler/Tabset.php
The script sets the cookie once, does not request consent.
Duration: default
Name: Dynamic name (based on tabset)
Use: Keeps the selected tab or toggle state ("Tab View" or "No Tabs") across page reloads or visits.
- 18 lib/soap/soaplib.php
The script sets cookies multiple times depending on the `$this->cookies` array, with the `allowCookies` variable suggesting that user consent is respected.
Duration: default
Name: Dynamically set from $cookieName (based on the server's response or request setup).
Use: Stores session-related information for maintaining state across SOAP requests.
- 19 lib/tikihelp/menu/ftiens4.js
The script sets the cookie nine times, does not request consent.
Duration: default
1. Name: clickedFolder
Use: Stores the ID of folders that were clicked/opened in the UI, preserving the state of open/closed folders.
2. Name: highlightedTreeviewLink
Use: Stores the ID of the last clicked or highlighted node in a tree view.
These cookies ensure folder and node states are consistent across sessions or page reloads.
- 20 templates/remarksbox.tpl
The cookies are set once without consent.
Duration: default
Name: dynamic name in $remarksbox_cookiehash (a unique identifier for the specific remarks box)
Use: The cookie helps remember the state of the remarks box. Once closed by the user, this cookie ensures the box stays hidden (or closed) during future visits or page reloads.
- 21 templates/tiki-editpage.tpl
The cookies are set once without consent.
Duration: default
Name: preview_diff_style
Use: The cookie is set when the user clicks the preview button during page editing to remember the chosen diff style in the preview pane. This allows the preview to maintain a consistent display style as the user makes edits.
- 22 templates/tiki-preview.tpl
The script contains 2 cookies, does not request consent.
Duration: default
1. Name: preview_diff_style
Use: This cookie stores the user's chosen style for how they want to see the differences between versions of the wiki page during editing.
2. Name: wiki
Use: This cookie ensures that the height of the preview box remains consistent across the session.
- 23 templates/tiki-view_forum.tpl
The script sets cookies twice, does not request consent.
Duration: default
Name: anonymous_name
Use: Stores the entered name of anonymous users when posting or previewing a comment, so the system remembers it during the session.
- 24 tiki_tests/tiki-tests_record.php
The script contains two cookies, does not request consent.
Duration: expire when the browser is closed.
1. Name: tikitest_record
Use: This cookie is used to track the state of a "test" or record-keeping process.
2. Name: tikitest_filename
Use: Stores the name of the file associated with the current test or record process.
Essential vs. Non-Essential for Tiki Functionality
Essential Cookies (required for Tiki to function properly)
- Login Cookie (tiki-login.php)
Keeps users logged in after closing the browser.
- Session Owner Cookie (tiki-setup_base.php)
Confirms session ownership to maintain security.
- CSRF Protection Cookie (lib/tikiaccesslib.php)
Protects against Cross-Site Request Forgery (CSRF) attacks.
- User Logout Cookie (lib/userslib.php)
Clears session and authentication information upon logout.
- javascript_enabled (lib/setup/javascript.php)
Detects if JavaScript is enabled, which is crucial for many Tiki features.
- SOAP Session Cookie (lib/soap/soaplib.php)
Maintains state across SOAP requests (if using SOAP services).
Non-Essential Cookies (enhance functionality but not critical for basic operation)
- comzone (comments.php)
Tracks if the comments section should be shown or hidden.
- tabs (tiki-discount.php)
Stores the current tab in the discount management interface.
- Setup Cookie (tiki-setup.php)
Deletes cookies as per user preferences.
- Tab Container Cookie (lib/tiki-js.js)
Stores tab states in the user interface for convenience.
- Poll Voting Cookie (lib/tikilib.php)
Prevents multiple votes on the same poll.
- Banner View Cookie (lib/banners/bannerlib.php)
Tracks banner impressions for advertising purposes.
- wysiwyg_inline_edit (lib/ckeditor_tiki/tiki-ckeditor.js)
Tracks the state of inline editing mode.
- anonymous_name (comments) (lib/comments/commentslib.js)
Stores the anonymous user name for commenting.
- sidebar_collapsed (lib/jquery_tiki/tiki-admin.js)
Keeps the sidebar collapsed state.
- show_tiki_connect (lib/jquery_tiki/tiki-connect.js)
Tracks the Connect Feedback option in the user interface.
- UI Preferences (lib/jquery_tiki/tiki-jquery.js)
Saves user interface preferences for a better experience.
- Tabset State Cookie (lib/smarty_tiki/BlockHandler/Tabset.php)
Stores tabset state for consistent tab visibility.
- Folder Click Cookie (lib/tikihelp/menu/ftiens4.js)
Tracks folder state in the user interface.
- Remarks Box Cookie (templates/remarksbox.tpl)
Stores the state of the remarks box.
- Preview Diff Style Cookie (templates/tiki-editpage.tpl)
Tracks preview diff style in page editing.
- wiki (preview height) (templates/tiki-preview.tpl)
Keeps the height of the preview box consistent.
- anonymous_name (forum) (templates/tiki-view_forum.tpl)
Stores the anonymous user name for forum posting.
- tikitest_record (tiki_tests/tiki-tests_record.php)
Tracks test/record state in testing functionalities.
- tikitest_filename (tiki_tests/tiki-tests_record.php)
Stores the file name during the test/record process.