It's always a good idea to respect the privacy of the visitors of your website. This is particularly important where respective reglementations are governed by law.

Note that all information concerning the interpretation of legal issues given here is without any liability. You have to inform yourself about those according to legally binding sources; if in doubt, consult a lawyer.


According to the EU cookie law websites are not allowed anymore to store arbitrary information about visitors without explicitely informing them and asking for their informed consent.

According to the danish implementation websites are not allowed to store, access or gain acces to anything, even somethings others have stored, without prior informed consent. (If you look for something NOT being in the transmission [no cookie] - what is that - gained access?). The request of being able to see what the user have consented to over time and being able to recall the consent (and the data) is opening questions in relation to, for instance, third party analytics software.

Disambiguation of “session cookie”: this wording is used for two quite different things. On one hand it could refer to any cookie that expires after the session is closed (i.e. when the browser is closed). On the other hand it could mean a cookie that is set to identify a user's PHP session (which can store arbitrary data related to a particular user).

The expiration of cookie: the expiration time of a cookie can be set arbitrarily when the cookie is set by a website. It's either specified as a timestamp (i.e. an exactly specified date und time) or as 0. The latter means, that the cookie expires when the browser is closed. The cookies that store a PHP session ID will typically expire when the browser is closed, but this depends on the PHP ini setting session.cookie_lifetime. As the regulations regarding cookies might depend on the cookie expiration time, you should check this setting on your server.


  • blue: not yet checked
  • green: the plugin doesn't set any cookies for visitors without explicit agreement.
  • yellow: the plugin sets cookies (or uses a session), which might have to be announced to the visitor.
  • red: the plugin probably requires the visitor to opt in to the use of cookies before it can be used.

Please note that the colors should only give a quick overview, but there definitely not hard rules, as the legislation in your country might be totally different, and the wiki authors are no lawyers.

The following list should shed some light on which information is stored by CMSimple plugins by setting cookies, but is supplied without any liability.

  • <fc #ffa500>Advancedform_XH (1beta12)</fc>: the built in CAPTCHA stores the CAPTCHA code in the PHP session.
  • <fc #008000>Ajaxfilemanager_XH (1beta5)</fc>: stores various information in the PHP session, but only in admin mode
  • <fc #008000>Boilerplate_XH (1beta1)</fc>: -
  • <fc #ffa500>Chat_XH (1beta1)</fc>: stores the current chat room in the session (additionally accesses Register resp. memberpages user names in the PHP session)
  • <fc #008000>Coco_XH (1rc1)</fc>: -
  • <fc #ffa500>Codeeditor_XH (1beta4)</fc>: stores the name of the filebrowser callback function in the session
  • <fc #ffa500>Cryptographp_XH (1beta3)</fc>: stores various information about the CAPTCHA (code, time, expiration, unique ID, language) in the PHP session
  • <fc #008000>Dlcounter_XH (1alpha1)</fc>: -
  • <fc #008000>Forum_XH (1beta1)</fc>: (accesses Register resp. Memberpages user name in the PHP session)
  • <fc #ffa500>Handheld_XH (1beta4)</fc>: set a cookie to force full/mobile view (expires at end of session).
  • <fc #008000>Imagescroller_XH (1beta1)</fc>: -
  • <fc #008000>Ipban_XH (1beta2)</fc>: sets cookies to track user preferences for the grid in the admin mode
  • <fc #ffa500>Minicounter_XH (1beta1)</fc>: stores information about the current visitor in the PHP session (already counted, visitor number)
  • <fc #008000>Pagemanager_XH (1pl8)</fc>: -
  • <fc #008000>Pdeditor_XH (1beta1)</fc>: -
  • <fc #ffa500>Poll_XH (1beta2)</fc>: sets a permanent (for the duration of the poll) cookie, that tracks that the user has voted (but not what he voted for)
  • <fc #008000>Privacy_XH (1beta1)</fc>: sets a (permanent) cookie that user has agreed
  • <fc #4682b4>Recaptcha_XH</fc> (1beta1): TODO: check, if RECAPTCHA itself sets cookies
  • <fc #ffa500>Register_XH (1.4rc5)</fc>: stores complete user information in the PHP session; sets permanent cookies if user checks REMEMBER USER
  • <fc #008000>Restore_XH (1beta1)</fc>: -
  • <fc #008000>Roundabout_XH (1beta1)</fc>: -
  • <fc #008000>Sitemapper_XH (1pl1)</fc>: -
  • <fc #008000>Socialshareprivacy_XH (1beta1)</fc>: sets a permanent cookie if visitor has opted in
  • <fc #ffa500>Tetris_XH (1rc1)</fc>: stores datafolder and timestamp in the PHP session
  • <fc #008000>Translator_XH (1beta4)</fc>: -
  • <fc #ffa500>Uploader_XH (1alpha7)</fc>: stores various settings in the PHP session
  • <fc #008000>Utf8_XH (0.5.2)</fc>: -
  • <fc #008000>Utf8migrator_XH (1beta2)</fc>: -
  • <fc #008000>Video_XH (1beta4)</fc>: -
  • <fc #008000>Webcamviewer_XH (1beta1)</fc>: -
  • <fc #008000>Yanp_XH (1pl3)</fc>: -
faqs/privacy.txt · Last modified: 2018/04/05 14:48 (external edit)
Webdesign: NMuD = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0