search

saltcorn / saltcorn

Free and open source no-code application builder
https://saltcorn.com/
MIT License
1.7k stars 291 forks source link

Saltcorn & Cookies #2740

Open 0luckyluke opened 1 month ago

0luckyluke commented 1 month ago

What cookies does Saltcorn natively use? If any, are they all in the category Necessary Cookies.

I'm studying to implement the Cookieconsent module in a public website I'm making with Saltcorn.

Thanks for helping me out!

iron3oxide commented 1 month ago

I'm not entirely sure if this produces an exhaustive list, but you can find out by going to the storage tab in the developer tools of your browser. IIRC, only things like session id, screen size and login status are stored by default, so I'd say they're necessary.

glutamate commented 1 month ago

This does not constitute legal advice and you are responsible for compliance with your own jurisdiction. Also as @iron3oxide mentions, check in you browser what is actually set.

Saltcorn set a session cookie used to track login status and in some cases (?) also to set screen screen size for dispatching page groups. These are first party cookies and are not sent to any other service (unless you do this or you have some other component installed that does this). It is up to you to communicate this use to your user.

You can do more stuff with this session ID in a Saltcorn build. For instance you can store the session ID in tables and use the session ID in many other formulas. If you do this it is up to you to determine if your cookie is no longer "functional" but is now used for "analytics" purposes, and what implication this has for what do you communicate to your users.

You can also enable logging of IP addresses and in some places access the IP address as a variable.

Some modules may still use CDN resources and serving these may set additional cookies. There is a list here https://wiki.saltcorn.com/view/ShowPage/privacy-on-saltcorn but this may be out of date.

glutamate commented 1 month ago

Added section on cookies with above to Privacy page on wiki

iron3oxide commented 1 week ago

@0luckyluke do you have any more questions or can this be closed?

0luckyluke commented 1 week ago

@iron3oxide this is sufficient information for now, thank you!

Op ma 11 nov 2024, 00:55 schreef iron3oxide @.***>:

@0luckyluke https://github.com/0luckyluke do you have any more questions or can this be closed?

— Reply to this email directly, view it on GitHub https://github.com/saltcorn/saltcorn/issues/2740#issuecomment-2466994350, or unsubscribe https://github.com/notifications/unsubscribe-auth/BFMOW7X42FYCWHCOQPCKH5TZ77W6ZAVCNFSM6AAAAABQBU5XMSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRWHE4TIMZVGA . You are receiving this because you were mentioned.Message ID: @.***>