Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

PECR, ICO cookies regulations

The new Privacy and Electronic Communications Regulations (PECR), announced by the Information Commissioner’s Office (ICO) in 2011, comes into effect on 26th May 2012.  In advance of the ICO cookies compliance date, organisations are expected to take appropriate steps to be compliant, which include making proactive changes to their websites.

We have blogged about this topic before and reference should be made to the official EU cookie compliance guide (registration required) which contains news and advice for organisations in Europe and around the world for complying with the cookie law.

The ICO provides specific guidance on PECR compliance.  However this is not all that clear (to me at least), so the absence of clear guidance on cookie compliance, and the range of practical difficulties that will be encountered in determining what to do with each identified cookie, may lead many website operators to struggle with the compliance process.

Continue reading

Session Fixation Protection

Came across an interesting article on Session Fixation Protection [requires registration].  In essence a session fixation is a vulnerability caused by incorrectly handling user sessions in a Web application. A user’s session is usually tracked by a cookie, which is assigned when the user visits the page with the Web application for the first time. The problem occurs when this cookie does not change for the duration of the browsing session; users authenticate and log out, but their session cookie remains the same. This is often the default behaviour of an application.

Whilst understanding the problem, I tend to wonder just how much of a problem it actually is in real life.

The only solution is correct coding of the Web application, always assigning a new cookie immediately after a user has authenticated on a site.

Go To Top

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries