|Cookie / Session-cookies in core & EU cookielaw||micschk||10/11/12 2:01 PM|
Right now, preventing a cookie from being set, requires some hacking of the core, since at least a session is always started (hardcoded) from the session class. Would the approach taken in the Cookie class enhancement  by Matt Lewis also be the way to go for the Session class?
As I understand, thanks to this enhancement it is now possible to subclass the Cookie class and prevent a cookie from being set until permission has been given. I need this functionality for a session cookie as well, so I'd then try to implement the same get_inst() functionality on that class. But there's been some discussion if instead the Injector class shouldn't be used for this kind of enhancements. As far as I can tell though, that would require modifications of any code now using the session class throughout the core, right?
(The new cookie law in the Netherlands doesn't allow a website to set any cookies (session/non-session) without first getting approval. This is a bit stricter than UK, where I think you just have to inform that a cookie has been set.)