0

I am currently coding a custom cookie law solution for several websites. I am trying to make the solution/plugin as much of an "all in one solution" as possible with the code being included as the first bit of script. currently I have almost done everything and it all looks very pretty, I want to give the user the ability to "accept" or "deny" with deny not just redirecting them away but still allowing them to use the website.

So far I have a cookie being set correctly for accept and deny which either sets a true or false value in a cookie based on there choice accept or deny.

I would like to use the code I have found for redefining the cookie setter and getter, in a if statement to prevent cookies from being set if the user has either not given a permission or not selected an answer yet.

document.__defineGetter__("cookie", function() { return '';} );
document.__defineSetter__("cookie", function() {} );

So far I have this code to check if the user has allowed cookies,

if(checkCookie != true){
    // Run code to redefine cookie setter getter to prevent cookies from being set
}else{
    // Don't do anything and the cookies should be run as usual.
};

Could someone enlighten me or point me in the right direction on how to use cookie setter and getter to do as I have explained?

Someone
  • 894
  • 3
  • 22
  • 43
  • 1
    You should know that servers typically set cookies via HTTP headers on responses. No Javascript is invoked when this happens, as the cookie is set before the page even begins being parsed. So you would probably only be able to intercept cookies set via javascript. Though you could read any previously set cookies, you won't be able to prevent them from being set. – Alex Wayne Nov 23 '12 at 09:06
  • Yeah I don't need to intercept cookies set by PHP as I have another solution for that I would just like to intercept those set by javascript, I plan on implementing this plugin on many html only websites so PHP cookies wont be a problem and the PHP solution I have is working for those other PHP sites. – Someone Nov 23 '12 at 09:19

1 Answers1

0

as Alex Wayne stated as comment to your question, cookies are set before you even see the <html> tag coming into your browser.

http goes like this:

HTTP/1.1 200 OK
Server: Nginx
Content-Length: x (size of the following content)
Content-Type: text/html (this is what identifies it as html)
Set-Cookie: foo=bar; expires=Tue, 4-Dec-2012 19:30:42 GMT; Max-Age=2592000; Path=/; Version="1"

<!DOCTYPE html>
<html>
...

what you could do, and must do to perform such an action is to set a "do not track me" session cookie that tells the server to not put any cookies onto the served requests.

another way could be to have a get variable in the address bar that tells the server to not set track cookies.

thats what cookies are for actually.

GottZ
  • 4,824
  • 1
  • 36
  • 46
  • "cookies are set before you even see the tag coming into your browser" So what is setting these cookies if they are before is apache setting cookies for the hell of it? I don't understand what you are saying before there is no code before :/ – Someone Nov 23 '12 at 09:25
  • @Sam: i've edited my question so you can see how the server responds. – GottZ Nov 23 '12 at 09:25
  • Your saying before: ????? – Someone Nov 23 '12 at 09:25
  • @Sam: exactly! thats it. its going before the doctype. – GottZ Nov 23 '12 at 09:26
  • the only seperation between the http header and the http content is two linebreaks – GottZ Nov 23 '12 at 09:26
  • How does that work why does apache set cookies for no reason? :/ – Someone Nov 23 '12 at 09:26
  • there is always a reason for setting cookies. nobody will set a cookie without any reason. php does it if you use session_start (wich is why you need to run it before putting anything out through echo or print) – GottZ Nov 23 '12 at 09:28
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/19984/discussion-between-jan-stefan-janetzky-and-sam) – GottZ Nov 23 '12 at 09:29
  • The cookies I am talking about our cookies that break EU law and if you are saying these cookies set before the html tag are for tracking, Who is setting these cookies? I mean if they are set before it means no php or javascript has been run yet, or are you saying before I see in my browser the server is running it and processing it before sending it to me and setting cookies I am lost here. – Someone Nov 23 '12 at 09:30