Enforcing Cookie Policies

Since Smartsite iXperion 1.4b9, the Smartsite Publication Server comes with support for cookie regulation, such as the new Dutch Cookie Law (5 June 2012).

Channel Setting

To enable the Cookie Policy enforcement for a channel, set the "Enable cookie policy" flag in the channel:

Enable visitor cookie policy

Smartlet

Next, add the sml_CookiePolicy() Smartlet to your homepages. This Smartlet will present a list of Cookie Usage groups to accept.

These groups are:

The visitor can then choose to reject all categories except .

Smartsite will then test all cookie reads and writes according to the visitor's choice of accepted groups, and ignore reads and writes in rejected categories.

The sml_CookiePolicy() Smartlet has a show property you can use to specify how it presents itself.

Modes are:

  • banner
    Shows a banner indicating the user should apply a policy if not yet set (only shown if no policy was chosen by the user yet)
  • always
    Always shows the list with the current policy (or the defaults). This mode can be used for existing users to change their policy.

Registering cookies

Cookies are registered using the Cookie Policy Manager. By default, known cookies written by ASP.NET, Smartsite and add-on modules are already registered. Your sites may however use a number of custom cookies that will have to be registered as well.

To do this, you can use Smartsite logging (category: CookiePolicy). Any 'misses' (non-registered cookies) are logged by the cookie policy system, and the defaultEnabled property of the 'UNKNOWN' cookie group applies here.

Good practice when applying Cookie Policy to your site is to watch for 'CookiePolicy' log writes for a while, then adding the collected cookies.

 

More information: Seneca Cookie Law Whitepaper

Topics