http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8155 Priority: P5 - low Change sponsored?: Sponsored Bug ID: 8155 Assignee: oleonard@myacpl.org Summary: Comply with UK Electronic Commerce (EC Directive) Regulations 2002 Severity: critical Classification: Unclassified OS: All Reporter: mjr@software.coop URL: http://opac/ Hardware: All Status: ASSIGNED Version: unspecified Component: OPAC Product: Koha The full details are on http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communication... but as I understand it we need a way to avoid setting any cookies on the OPAC until the user has been warned and consented. I intend to destroy the session and cookie in C4::Auth::get_template_and_user() just before it is sent back to the OPAC, as long as no cookie-using features are enabled; and to add a small notice to the OPAC login forms. I am marking this as critical because it means Koha should not be used in the UK (arguably the whole EU) in public until this bug is fixed. Koha admins should ensure that a cookie notification is included in their staff user agreements/policies, to cover the intranet interface. (You can also do that if your OPAC is not public, rather than apply this fix.) A patch, sponsored by software.coop, will be along shortly. -- You are receiving this mail because: You are watching all bug changes.