[Koha-bugs] [Bug 8155] New: Comply with UK Electronic Commerce (EC Directive) Regulations 2002

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri May 25 12:59:37 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8155

          Priority: P5 - low
 Change sponsored?: Sponsored
            Bug ID: 8155
          Assignee: oleonard at myacpl.org
           Summary: Comply with UK Electronic Commerce (EC Directive)
                    Regulations 2002
          Severity: critical
    Classification: Unclassified
                OS: All
          Reporter: mjr at software.coop
               URL: http://opac/
          Hardware: All
            Status: ASSIGNED
           Version: unspecified
         Component: OPAC
           Product: Koha

The full details are on
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
but as I understand it we need a way to avoid setting any cookies on the OPAC
until the user has been warned and consented.

I intend to destroy the session and cookie in C4::Auth::get_template_and_user()
just before it is sent back to the OPAC, as long as no cookie-using features
are enabled; and to add a small notice to the OPAC login forms.

I am marking this as critical because it means Koha should not be used in the
UK (arguably the whole EU) in public until this bug is fixed. Koha admins
should ensure that a cookie notification is included in their staff user
agreements/policies, to cover the intranet interface. (You can also do that if
your OPAC is not public, rather than apply this fix.)

A patch, sponsored by software.coop, will be along shortly.

-- 
You are receiving this mail because:
You are watching all bug changes.


More information about the Koha-bugs mailing list