Loading...
 
Skip to main content

History: Overview of Cookies Used in Tiki

View published page Collapse Into Edit Sessions

Source of version: 9

Copy to clipboard
            ! Overview of Cookies Used in Tiki

!! List of cookies and consent requirements

Here is the list of cookies along with whether they require user consent and their duration:

"__Duration: default__" means that it is a session cookie, and it will expire once the session ends.

# 1  __comments.php__
  The cookie is set twice without consent. 
   __Duration:__ default
   __Name:__ comzone
   __Use:__ The cookie value determines whether the comments section should be shown or hidden.

# 2 __tiki-discount.php__
  The cookies are set once without consent. 
    __Duration:__ default
    __Name:__ tabs
    __Use:__ The tabs cookie is used to store the current tab that the user is viewing in the discount management interface.

# 3 __tiki-login.php__
  The cookie is set once without consent. 
    __Duration:__ defined in $prefs'remembertime'
    __Name:__ the cookie name is dynamically generated based on the site's configuration to avoid naming conflicts when multiple Tiki installations are on the same domain.
    __Use:__ this cookie allows users to remain logged in even after closing the browser, as long as the cookie is valid and hasn't expired.

# 4   __tiki-setup_base.php__
  The cookie is set once without consent.
    __Duration:__ 1 year
    __Name:__ Dynamic value from $extra_cookie_name
    __Use:__ Used to confirm that the current user is indeed the owner of the session.

# 5  __tiki-setup.php__
  The cookies are set once, require consent, and get deleted as per the user's preference.

# 6 __lib/tiki-js.js__
  The script creates a custom `setCookie` function with the following features:
    - Checks if the cookie already exists to avoid duplication.
    - Handles expiration by defaulting to one year or session cookies.
    - Integrates consent management by using an alternative storage mechanism (`tiki-cookie-jar.php`) when cookies are not allowed. If the alternative fails, it falls back to setting cookies in the browser directly.
 In this file, the cookies are set once without consent.
  __Name:__ The name of the cookie is generated based on the data-name attribute of the .tabs element within the tab container. So, whatever value is stored in the data-name attribute of the .tabs element becomes the cookie's name.
  __Duration:__ Expires as soon as the browser is closed as its a session based cookie.

# 7 __lib/tikiaccesslib.php__
  The cookies are set once. 
  __Duration:__ The duration of this CSRF cookie is set to 0, which means it is a session cookie. The cookie is temporary and is automatically deleted when the user closes their browser.
  __Name:__ The cookie name is generated by appending '_CSRF' to the session name, which is obtained using session_name()
  __Use:__ This cookie helps in CSRF protection by verifying the token during form submissions or sensitive actions.

# 8 __lib/tikilib.php__
   The cookies are set once without consent.
    __Duration:__ 300 days
    __Name:__ The name of the cookie is dynamically generated using the poll ID.
    __Use:__ This cookie helps manage voting sessions and ensures that the same user/IP doesn't vote more than once in a poll.

# 9 __lib/userslib.php__
  This code deletes an existing cookie.
  __Duration:__ When the user logs out, the function sets the cookie to expire immediately. This is achieved by setting a negative expiration time.
  __Name:__ The cookie name is stored in the global variable $user_cookie_site.
  __Use:__ The purpose of this cookie is to store session or authentication information related to the user’s login state. During logout, the cookie is cleared to ensure the user is logged out properly.

# 10 - __lib/banners/bannerlib.php__
  The cookies are set once without consent.
   __Duration__: 90 days (or until a specified date).
   __Name__: The cookie is named dynamically based on the banner's zone.
   __Use__: Tracks the user's impressions (views) of the banner using a cookie, and limits views if a maximum is specified.

# 11 __lib/ckeditor_tiki/tiki-ckeditor.js__
  The cookie is set three times, in two different part of the code, without consent. 
  __Duration:__ The cookie is set to last for the duration of the session. This means it will be cleared once the browser session ends.
  __Name__: wysiwyg_inline_edit
  __Use:__ This cookie is used to track whether the inline editing mode for the page is enabled or disabled. It helps maintain the state of the page (whether it's in editing mode or not) across different actions.

# 12 __lib/comments/commentslib.js__
 The cookies are set three times without consent. 
   __Duration: default__
   __Name: anonymous_name, anonymous_email, anonymous_website.
   __Use:__ These cookies are used to store the user's anonymous name, email, and website when they submit a comment. The goal is to remember these details so the user doesn't need to re-enter them the next time they comment.

# 13 __lib/jquery_tiki/tiki-admin.js__
  The cookies are set once without consent. 
  __Duration: default__

# 14 __lib/jquery_tiki/tiki-connect.js__
  The cookies are set once without consent. 
   __Duration: default__

# 15 __lib/jquery_tiki/tiki-jquery.js__
  The cookies are set eight times without consent. 
   __Duration: default__

# 16 __lib/setup/cookies.php__
  The script sets cookies via `setcookie()` or stores them in `$_SESSION'tiki_cookie_jar'`. 
 When cookies are disabled without requesting explicit consent, the cookie duration is defined by the `$expire` parameter, defaulting to a session cookie if not specified.

# 17 __lib/setup/javascript.php__
  The script sets cookies five times, does not request consent. 
  __Duration: default__

# 18  __lib/smarty_tiki/BlockHandler/Tabset.php__
  The script sets the cookie once, does not request consent.
  __Duration: default__

# 19 __lib/soap/soaplib.php__
   The script sets cookies multiple times depending on the `$this->cookies` array, with the `allowCookies` variable suggesting that user consent is respected. 
  __Duration: default__

# 20 __lib/soap/nusoap/nusoap.php__
  The script sets cookies multiple times via the `setCookie()` method, likely without explicit consent management within the method itself. 
  The cookies' duration is unspecified, defaulting to session cookies.

# 21 __lib/tikihelp/menu/ftiens4.js__
 The script sets the cookie nine times, does not request consent. 
  __Duration: default__

# 22 __templates/remarksbox.tpl__
  The cookies are set once without consent. 
  __Duration: default__

# 23 __templates/tiki-editpage.tpl__
  The cookies are set once without consent. 
  __Duration: default__

# 24 __templates/tiki-preview.tpl__
  The script sets cookies three times, does not request consent. 
  __Duration: default__

# 25 __templates/tiki-view_forum.tpl__
   The script sets cookies twice, does not request consent. 
   __Duration: default__

# 26 __tiki_tests/tiki-tests_record.php__
  The script sets cookies twice, does not request consent. 
  The cookies are session cookies (expire when the browser is closed). 
  __Duration: default__

# 27 __tiki_tests/tikitestslib.php__
  The script sets cookies two times (to delete them by setting an expiration time in the past), does not request consent. 
  The cookies are set to expire immediately (`time() - 3600`).

History

Information Version
Ushindi Gedeon 17
Sammy Ndabo 16
Sammy Ndabo 15
Sammy Ndabo 14
Sammy Ndabo Update heading format 13
Sammy Ndabo Introduce the section Essential vs. Non-Essential cookies for Tiki Functionality 12
Sammy Ndabo 11
Sammy Ndabo 10
Sammy Ndabo 9
Sammy Ndabo 8
Sammy Ndabo 7
Sammy Ndabo 6
Sammy Ndabo 5
Sammy Ndabo 4
Sammy Ndabo 3
Ushindi Gedeon Add details about places in Tiki where Cookies are set 2
Sammy Ndabo Page initialization 1