I totally agree with douwe.
For other parts, PHPFusion is a session based CMS. Only for login, the browser must have a key to interact with PHPFusion without a login password. That key is the browser Cookie. Without it, the login period will be just for 1 second, and for security reason, we redirect after a login, and that automatically will logout anyone without the cookie.
As far as I know, the problem is not lying with a Cookie that is used by current visited website, but 3rd party cookies. That is the main difference. Most user do not mind users having cookies to interact with that site, it is given to you by the site because it trusts you, and therefore authenticate you in without rejecting you. But when a website introduces a 3rd party cookie that must be informed to user because injecting it without users knowledge is a breach of GDPR. That is actually where the drama is.
When a platform shares personal information with other people, it doesn't even need cookies. Here is the database, there you go. You get what I mean. The money nowadays is in targeted audience and they need age, sex, location to do that. These are not in a cookie, unless the website gives it out like what Facebook used to do via their "Login via Facebook". That button will give whole ton of information from Facebook to the website.
The other misuse of cookies is when one user visits a website, and that website poses a huge load of ads and pop up ads and banner ads and footer ads and pop up ads every overlays. Yes, to a point where it is inconvenient to use a website. When you use a cookie blocker, ads can't be served as these ads are "view based" for advertiser to pay to the current website you're viewing. When you block that cookie, the ads cannot be served to you because when advertiser cannot confirm whether you viewed it already or not.
All these, are not within the scope of PHPFusion CMS at any level.
PHPFusion is on a standard level. We don't go beyond, and we don't do less either. In the open web, the CMS is used by organizations and at the government level as well. So personally I do not think first party cookie is any issue at all.
0 replies