History: Overview of Cookies Used in Tiki
Preview of version: 8
Overview of Cookies Used in Tiki
List of cookies and consent requirements
Here is the list of cookies along with whether they require user consent and their duration:
"Duration: default" means that it is a session cookie, and it will expire once the session ends.
- 1 comments.php
The cookie is set twice without consent.
Duration: default
Name: comzone
Use: The cookie value determines whether the comments section should be shown or hidden.
- 2 tiki-discount.php
The cookies are set once without consent.
Duration: default
Name: tabs
Use: The tabs cookie is used to store the current tab that the user is viewing in the discount management interface.
- 3 tiki-login.php
The cookie is set once without consent.
Duration: defined in $prefs'remembertime'
Name: the cookie name is dynamically generated based on the site's configuration to avoid naming conflicts when multiple Tiki installations are on the same domain.
Use: this cookie allows users to remain logged in even after closing the browser, as long as the cookie is valid and hasn't expired.
- 4 tiki-setup_base.php
The cookie is set once without consent.
Duration: 1 year
Name: Dynamic value from $extra_cookie_name
Use: Used to confirm that the current user is indeed the owner of the session.
- 5 tiki-setup.php
The cookies are set once, require consent, and get deleted as per the user's preference.
- 6 lib/tiki-js.js
The script creates a custom `setCookie` function with the following features:
- Checks if the cookie already exists to avoid duplication.
- Handles expiration by defaulting to one year or session cookies.
- Integrates consent management by using an alternative storage mechanism (`tiki-cookie-jar.php`) when cookies are not allowed. If the alternative fails, it falls back to setting cookies in the browser directly.
In this file, the cookies are set once without consent.
Name: The name of the cookie is generated based on the data-name attribute of the .tabs element within the tab container. So, whatever value is stored in the data-name attribute of the .tabs element becomes the cookie's name.
Duration: Expires as soon as the browser is closed as its a session based cookie.
- 7 lib/tikiaccesslib.php
The cookies are set once.
Duration: The duration of this CSRF cookie is set to 0, which means it is a session cookie. The cookie is temporary and is automatically deleted when the user closes their browser.
Name: The cookie name is generated by appending '_CSRF' to the session name, which is obtained using session_name()
Use: This cookie helps in CSRF protection by verifying the token during form submissions or sensitive actions.
- 8 lib/tikilib.php
The cookies are set once without consent.
Duration: 300 days
Name: The name of the cookie is dynamically generated using the poll ID.
Use: This cookie helps manage voting sessions and ensures that the same user/IP doesn't vote more than once in a poll.
- 9 lib/userslib.php
This code deletes an existing cookie.
Duration: When the user logs out, the function sets the cookie to expire immediately. This is achieved by setting a negative expiration time.
Name: The cookie name is stored in the global variable $user_cookie_site.
Use: The purpose of this cookie is to store session or authentication information related to the user’s login state. During logout, the cookie is cleared to ensure the user is logged out properly.
- 10 - lib/banners/bannerlib.php
The cookies are set once without consent.
Duration: 90 days (or until a specified date).
Name: The cookie is named dynamically based on the banner's zone.
Use: Tracks the user's impressions (views) of the banner using a cookie, and limits views if a maximum is specified.
- 11 lib/ckeditor_tiki/tiki-ckeditor.js
The cookie is set three times, in two different part of the code, without consent.
Duration: The cookie is set to last for the duration of the session. This means it will be cleared once the browser session ends.
Name: wysiwyg_inline_edit
Use: This cookie is used to track whether the inline editing mode for the page is enabled or disabled. It helps maintain the state of the page (whether it's in editing mode or not) across different actions.
- 12 lib/comments/commentslib.js
The cookies are set three times without consent.
Duration: default
- 13 lib/jquery_tiki/tiki-admin.js
The cookies are set once without consent.
Duration: default
- 14 lib/jquery_tiki/tiki-connect.js
The cookies are set once without consent.
Duration: default
- 15 lib/jquery_tiki/tiki-jquery.js
The cookies are set eight times without consent.
Duration: default
- 16 lib/setup/cookies.php
The script sets cookies via `setcookie()` or stores them in `$_SESSION'tiki_cookie_jar'`.
When cookies are disabled without requesting explicit consent, the cookie duration is defined by the `$expire` parameter, defaulting to a session cookie if not specified.
- 17 lib/setup/javascript.php
The script sets cookies five times, does not request consent.
Duration: default
- 18 lib/smarty_tiki/BlockHandler/Tabset.php
The script sets the cookie once, does not request consent.
Duration: default
- 19 lib/soap/soaplib.php
The script sets cookies multiple times depending on the `$this->cookies` array, with the `allowCookies` variable suggesting that user consent is respected.
Duration: default
- 20 lib/soap/nusoap/nusoap.php
The script sets cookies multiple times via the `setCookie()` method, likely without explicit consent management within the method itself.
The cookies' duration is unspecified, defaulting to session cookies.
- 21 lib/tikihelp/menu/ftiens4.js
The script sets the cookie nine times, does not request consent.
Duration: default
- 22 templates/remarksbox.tpl
The cookies are set once without consent.
Duration: default
- 23 templates/tiki-editpage.tpl
The cookies are set once without consent.
Duration: default
- 24 templates/tiki-preview.tpl
The script sets cookies three times, does not request consent.
Duration: default
- 25 templates/tiki-view_forum.tpl
The script sets cookies twice, does not request consent.
Duration: default
- 26 tiki_tests/tiki-tests_record.php
The script sets cookies twice, does not request consent.
The cookies are session cookies (expire when the browser is closed).
Duration: default
- 27 tiki_tests/tikitestslib.php
The script sets cookies two times (to delete them by setting an expiration time in the past), does not request consent.
The cookies are set to expire immediately (`time() - 3600`).