Closed EPuncker closed 11 months ago
Only cookie we use is PHPSESSID, which is used to establish a session ID. https://www.quora.com/Does-PHP-s-session_start-require-GDPR-cookie-consent https://github.com/Znote/ZnoteAAC/blob/ec55497c5abcad662489e6616d726e749a9e1bb3/engine/init.php#L23
But after registering an account, we store account information, email, IP and other user submitted information.
The new session analytics system tracks session id, referral source, IP, pages you have visited, all get and post submitted information (except passwords).
GDPR is tricky and boring, but I'll welcome anyone to make a PR to make it easier to comply with them.
The easiest way would probably be to stop processing page altogether until user consents to everything. As session_start is used before even rendering the layout, and is quite crucial to the entire logic of Znote AAC.
We might need a small notice about cookies usage in our AAC, maybe with a setting to turn it on/off
something like this simple one: https://www.cssscript.com/creating-cookie-notification-with-vanilla-javascript-cookienoticejs/