Cookie / Session-cookies in core & EU cookielaw

Showing 1-1 of 1 messages
Cookie / Session-cookies in core & EU cookielaw micschk 10/11/12 2:01 PM
Right now, preventing a cookie from being set, requires some hacking of the core, since at least a session is always started (hardcoded) from the session class. Would the approach taken in the Cookie class enhancement [1] by Matt Lewis also be the way to go for the Session class?

As I understand, thanks to this enhancement it is now possible to subclass the Cookie class and prevent a cookie from being set until permission has been given. I need this functionality for a session cookie as well, so I'd then try to implement the same get_inst() functionality on that class. But there's been some discussion if instead the Injector class shouldn't be used for this kind of enhancements. As far as I can tell though, that would require modifications of any code now using the session class throughout the core, right?

(The new cookie law in the Netherlands doesn't allow a website to set any cookies (session/non-session) without first getting approval. This is a bit stricter than UK, where I think you just have to inform that a cookie has been set.)

[1] https://github.com/silverstripe/sapphire/commit/ebb2458f22f44e740f93fc99c49240cb72e9c6e6