[Wolves] Help me test my vegan recipes web-site, please

Andy Jewell Andy.Jewell at sysmicro.co.uk
Tue Jul 17 21:41:55 UTC 2012

> I've intentionally avoided anything that requires cookies - and this of course would.
> Because of the 'cookie law' it's now illegal to just drop cookies for state tracking, so I decided to avoid them entirely for non-logged in users.
> I'm planning to have a 'sign up' page which will enable this sort of feature.

>Forgive me, but why not write a quick tool that lets you ask for
>permissions to drop cookies on to the users browser? Not much point in
>sacrificing usability.

There's a conundrum - how do you store the answer? If they say no, you can't store a cookie (or anything like one) to keep state server-side. The best you can do is put something in the URL or query-string, but that would be really ugly on the code-side - Flask uses Python decorators to associate URI's to functions, so I'd have to overload each one, e.g. /pagename and /nocookies/pagename or /pagename?nocookies=1, or worse, put a session-id in the query string, all of which screw up the "beautified" url scheme, and the latter adds the chance of spoofing problems. I thought about it, and in the end, decided to only issue cookies when you log in. As it's only Michelle and myself who logs in at the moment, it's no problem.

I read through all the advice on the Data Commisioner's web site, and the best route seems to be "don't use cookies if you don't really need them" - even if they are not for tracking.

Andy D'Arcy Jewell
SysMicro Linux Support

T:  +44 (0) 844 991 8804
M: +44 (0) 7961 605631
F:  +44 (0) 844 357 7020
E:  andy.jewell at sysmicro.co.uk
W: www.sysmicro.co.uk

More information about the Wolves mailing list