Loading...
 
Skip to main content

History: Overview of Cookies Used in Tiki

Preview of version: 9

Overview of Cookies Used in Tiki


Here is the list of cookies along with whether they require user consent and their duration:

"Duration: default" means that it is a session cookie, and it will expire once the session ends.

  1. 1 comments.php

The cookie is set twice without consent.
Duration: default
Name: comzone
Use: The cookie value determines whether the comments section should be shown or hidden.

  1. 2 tiki-discount.php

The cookies are set once without consent.
Duration: default
Name: tabs
Use: The tabs cookie is used to store the current tab that the user is viewing in the discount management interface.

  1. 3 tiki-login.php

The cookie is set once without consent.
Duration: defined in $prefs'remembertime'
Name: the cookie name is dynamically generated based on the site's configuration to avoid naming conflicts when multiple Tiki installations are on the same domain.
Use: this cookie allows users to remain logged in even after closing the browser, as long as the cookie is valid and hasn't expired.

  1. 4 tiki-setup_base.php

The cookie is set once without consent.
Duration: 1 year
Name: Dynamic value from $extra_cookie_name
Use: Used to confirm that the current user is indeed the owner of the session.

  1. 5 tiki-setup.php

The cookies are set once, require consent, and get deleted as per the user's preference.

  1. 6 lib/tiki-js.js

The script creates a custom `setCookie` function with the following features:
- Checks if the cookie already exists to avoid duplication.
- Handles expiration by defaulting to one year or session cookies.
- Integrates consent management by using an alternative storage mechanism (`tiki-cookie-jar.php`) when cookies are not allowed. If the alternative fails, it falls back to setting cookies in the browser directly.
In this file, the cookies are set once without consent.
Name: The name of the cookie is generated based on the data-name attribute of the .tabs element within the tab container. So, whatever value is stored in the data-name attribute of the .tabs element becomes the cookie's name.
Duration: Expires as soon as the browser is closed as its a session based cookie.

  1. 7 lib/tikiaccesslib.php

The cookies are set once.
Duration: The duration of this CSRF cookie is set to 0, which means it is a session cookie. The cookie is temporary and is automatically deleted when the user closes their browser.
Name: The cookie name is generated by appending '_CSRF' to the session name, which is obtained using session_name()
Use: This cookie helps in CSRF protection by verifying the token during form submissions or sensitive actions.

  1. 8 lib/tikilib.php

The cookies are set once without consent.
Duration: 300 days
Name: The name of the cookie is dynamically generated using the poll ID.
Use: This cookie helps manage voting sessions and ensures that the same user/IP doesn't vote more than once in a poll.

  1. 9 lib/userslib.php

This code deletes an existing cookie.
Duration: When the user logs out, the function sets the cookie to expire immediately. This is achieved by setting a negative expiration time.
Name: The cookie name is stored in the global variable $user_cookie_site.
Use: The purpose of this cookie is to store session or authentication information related to the user’s login state. During logout, the cookie is cleared to ensure the user is logged out properly.

  1. 10 - lib/banners/bannerlib.php

The cookies are set once without consent.
Duration: 90 days (or until a specified date).
Name: The cookie is named dynamically based on the banner's zone.
Use: Tracks the user's impressions (views) of the banner using a cookie, and limits views if a maximum is specified.

  1. 11 lib/ckeditor_tiki/tiki-ckeditor.js

The cookie is set three times, in two different part of the code, without consent.
Duration: The cookie is set to last for the duration of the session. This means it will be cleared once the browser session ends.
Name: wysiwyg_inline_edit
Use: This cookie is used to track whether the inline editing mode for the page is enabled or disabled. It helps maintain the state of the page (whether it's in editing mode or not) across different actions.

  1. 12 lib/comments/commentslib.js

The cookies are set three times without consent.
Duration: default
__Name: anonymous_name, anonymous_email, anonymous_website.
Use: These cookies are used to store the user's anonymous name, email, and website when they submit a comment. The goal is to remember these details so the user doesn't need to re-enter them the next time they comment.

  1. 13 lib/jquery_tiki/tiki-admin.js

The cookies are set once without consent.
Duration: default

  1. 14 lib/jquery_tiki/tiki-connect.js

The cookies are set once without consent.
Duration: default

  1. 15 lib/jquery_tiki/tiki-jquery.js

The cookies are set eight times without consent.
Duration: default

  1. 16 lib/setup/cookies.php

The script sets cookies via `setcookie()` or stores them in `$_SESSION'tiki_cookie_jar'`.
When cookies are disabled without requesting explicit consent, the cookie duration is defined by the `$expire` parameter, defaulting to a session cookie if not specified.

  1. 17 lib/setup/javascript.php

The script sets cookies five times, does not request consent.
Duration: default

  1. 18 lib/smarty_tiki/BlockHandler/Tabset.php

The script sets the cookie once, does not request consent.
Duration: default

  1. 19 lib/soap/soaplib.php

The script sets cookies multiple times depending on the `$this->cookies` array, with the `allowCookies` variable suggesting that user consent is respected.
Duration: default

  1. 20 lib/soap/nusoap/nusoap.php

The script sets cookies multiple times via the `setCookie()` method, likely without explicit consent management within the method itself.
The cookies' duration is unspecified, defaulting to session cookies.

  1. 21 lib/tikihelp/menu/ftiens4.js

The script sets the cookie nine times, does not request consent.
Duration: default

  1. 22 templates/remarksbox.tpl

The cookies are set once without consent.
Duration: default

  1. 23 templates/tiki-editpage.tpl

The cookies are set once without consent.
Duration: default

  1. 24 templates/tiki-preview.tpl

The script sets cookies three times, does not request consent.
Duration: default

  1. 25 templates/tiki-view_forum.tpl

The script sets cookies twice, does not request consent.
Duration: default

  1. 26 tiki_tests/tiki-tests_record.php

The script sets cookies twice, does not request consent.
The cookies are session cookies (expire when the browser is closed).
Duration: default

  1. 27 tiki_tests/tikitestslib.php

The script sets cookies two times (to delete them by setting an expiration time in the past), does not request consent.
The cookies are set to expire immediately (`time() - 3600`).

History

Information Version
Ushindi Gedeon 17
Sammy Ndabo 16
Sammy Ndabo 15
Sammy Ndabo 14
Sammy Ndabo Update heading format 13
Sammy Ndabo Introduce the section Essential vs. Non-Essential cookies for Tiki Functionality 12
Sammy Ndabo 11
Sammy Ndabo 10
Sammy Ndabo 9
Sammy Ndabo 8
Sammy Ndabo 7
Sammy Ndabo 6
Sammy Ndabo 5
Sammy Ndabo 4
Sammy Ndabo 3
Ushindi Gedeon Add details about places in Tiki where Cookies are set 2
Sammy Ndabo Page initialization 1