UPDATE 2012-05-28: I’ve turned off/deinstalled most of the cookie using plugins. I still have Google Analytics (behind a “Do you mind if I give you some cookies” jQuery), and Bad Behaviour 2 (and WordPress itself, of course) sending cookies, and I consider those to be “non-negotiable”. If you’re not happy, don’t visit my site. BTW, since I’m not a company, and I don’t use this site for commercial purposes, I don’t believe I need to give a flying f**k about PECR, but better safe than sorry; the Tory police state isn’t a long way away at this point.
The fact that I am having to write this page at all gives some indication of how far askew from “how the Internet works” the EU bigwigs have become. I personally find the PECR stupid and unworkable, but it’s UK law now so what can I do other than (a) ignore it, or (b) comply with it.
Anonymous users (i.e., not logged in, and that’s pretty much all of you) get a few cookies. One comes from WordPress itself (“PHPSESSID”) almost immediately and I really wish you didn’t get this one; you don’t need it and it does nothing useful in real terms. Unfortunately, the WordPress team doesn’t consider International Law to be important, and would rather take short cuts than actually not send you this one *unless* you log in (at which point, there are again other cookies they could use rather than this). If I were more PHP savvy, I’d dig about in their code and get rid, but I’m not. If you post a comment, a couple of cookies (with your real name and email address) will be sent to you so that the comment fields can be auto-populated for you. In theory, these could be held until consent is given, and/or merged into a single cookie (and I may look into doing this myself), but any change would have to be submitted to WP for inclusion, or it’d be wiped out with the next release.
The Bad Behaviour plugin sends a cookie (“bb2_screener_”) that contains a timestamp and your IP address, and it uses this cookie to monitor your behaviour. If you look like a spambot to it, it’ll prevent you spamming, otherwise it let’s you be.
The Cookie Control plugin, if you say “yes” to cookies, will send you one cookie that indicates you said yes, and then Google Analytics will send you four cookies to track your use of the site (and they claim this tracking is anonymous). These four from Google are the only “proper” tracking cookies that I will send you.
Logged in users (and there are only two of them currently, and I’m one of them), get five more cookies from my WordPress installation that let it know who you are, what your site preferences are, etc.
The table below details all cookies my WordPress could possibly send you:-
Not logged in
|Name||What & Why||Expires|
|civicShowCookieIcon||PECR compliance script answer cookie||Thirteen weeks|
|__utma||Four cookies from Google Analytics. The Cookie Control plugin will stop these if you don’t say “yes” to it.||2 years|
|__utmb||See above||30 minutes|
|__utmc||See above||End of session*|
|__utmz||See above||1 year|
|PHPSESSID||WordPress is written in PHP, so it necessarily uses PHP session handling which needs this cookie to work. Safe to delete, even if you’re browsing the site still.||End of session*|
|bb2_screener_||This cookie comes from the Bad Behaviour 2 plugin. Used to monitor your usage and block spamming (if that’s what you are doing).||End of session*|
|comment_author_<id>||If you post a comment, this cookie stores your real name to pre-populate the comment form field in future.||1 year|
|comment_author_email_<id>||If you post a comment, this cookie stores your email address to pre-populate the comment form field in future.||1 year|
|Name||What & Why||Expires|
|wordpress_<id>||These two are path-specific. No idea what they are used for otherwise.||End of session*|
|wordpress_<id>||See above||End of session*|
|wordpress_logged_in_<id>||I’m guessing this tells WordPress that you are logged in.||End of session*|
* “End of session” means when you close the browser tab/entire browser. If you don’t close the tab/browser, these cookies will hang around like a bad smell at a party.
This website and it’s contents are copyright © 2011 Murray Crane, all rights reserved under applicable UK and EU law. All trade marks and registered trade marks are acknowledged and the property of their respective holders.
You should only have reached this content via my domain, murraycrane.org, and not any other domain name.