Closed zarino closed 4 years ago
The PHPSESSIONID is set by PHP once a session exists. Even WordPress uses this internally.
Helpful sets the cookie whenever sessions do not work, or vice versa.
If you have problems with your session, you can install the plugin here: https://wordpress.org/plugins/wp-native-php-sessions/
In the future, please use the forum on wordpress.org, because I will be notified by e-mail there, too.
The option to disable sessions is for hosters that do not allow sessions.
The cookie is GDPR compatible as no data is stored by the user. It is a random string that is generated once for a user to identify him/her somehow.
Thanks for the reply! And apologies for not using the WordPress support forum – will do in future.
The PHPSESSIONID is set by PHP once a session exists. Even WordPress uses this internally.
Yup, but WordPress only starts a session if the visitor logs in to a user account. Anonymous visitors don’t trigger PHP sessions.
With Helpful installed, even if I don‘t want to track anything about my visitors (like whether they’ve voted on the current page before), Helpful still starts a PHP session – which surprised me.
I guess what I expected was a checkbox in the Helpful settings which would disable all use of sessions in the plugin. (Or for it just to be automatic, given I’ve already disabled all the settings which would require Helpful to identify returning visitors.)
Maybe Helpful needs to track users across pageloads for some other reason that I’m not aware of?
The cookie is GDPR compatible as no data is stored by the user. It is a random string that is generated once for a user to identify him/her somehow.
I’m not actually worried about GDPR, but PECR. Regulation 6 of PECR says you have to obtain consent to store cookies on a user’s device, unless the cookie is required for provision of the service the user requested. In all honestly, I can’t claim that a "helpful / not helpful" button is required for the site to work, so PECR says I’d have to ask consent. Right now the site I’m working on doesn’t require consent for anything else (no analytics cookies, no trackers), so I’m having to weigh up the benefit of the feedback that the Helpful plugin would provide versus the negative impact that a cookie consent modal would have on visitors. :-/
@zarino
I just ran an update. It should now be better to check if a session has already been started and so the 500 error messages are omitted.
You can now also disable sessions and cookies completely under System. But this way users can vote on every pageload, because Helpful can no longer check if the user has already voted.
This should allow you to receive feedback and still comply with the privacy policy.
Oh wow! I wasn’t expecting you to fix it literally right now 🥇
I’ll check it out soon and let you know how it goes.
@pixelbart This is great, and I can confirm that now, with the "Disable cookies and sessions" checkbox ticked, no helpful or PHPSESSID cookies are created 👍
Thanks!
By the way, while I was testing, I noticed Helpful was generating errors when the wp_helpful
database table was empty. This seems to be new in 4.3.2. I’ve created a ticket in your WordPress.org support forum.
Stand on my Todo! Thank you!
I'll close up here. If you find anything else, please open a new ticket. I try to check in here at least once a day.
Thanks for the really useful plugin!
I notice that, by default, Helpful sets two cookies – a
helpful_user
cookie, and aPHPSESSID
session cookie.As far as I can tell, I don’t have any settings set that would require visitor tracking:
I wonder whether it’s possible to tell Helpful not to set any cookies / not to use sessions, in this case?
I don’t quite understand what the "Disable sessions" checkbox in the Cookies & Sessions section does, but when I ticked it, visits to the web front-end return a server error, so I’m guessing I can’t use that to prevent session tracking.