Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Suppressing auto-creation of sessions in RoR, for the glory of Europe

I'm new to Ruby on Rails but it seems it creates a new session every time a new user visits the website. The problem is, creating a session involves placing a cookie on the user's browser and the problem with that is that cookies are illegal in Europe!!!

An exceptionally technologically-ignorant directive holds the user must give his prior consent for any cookie being placed on their computer, and, if Ruby on Rails sets a cookie immediately, I've got no chance for getting the consent. Immediately on the first visit to my application, the cookie probably does not serve any purpose from the website's functionality point of view, so the excuse of "implied consent" would also be invalid in court.

So, is it possible to configure a RoR application so that it does not create sessions automatically?

like image 606
lampak Avatar asked Aug 03 '12 21:08

lampak


1 Answers

There is a library that handles most of this for you: rack-policy

It will kill any cookies you/rails attempt to set unless a cookie called rack.policy exists. It also provides view helpers to tell you whether cookies are currently enabled, so that you can hide/shoe banners or functionality as appropriate.

You might want to note that a lot of websites (eg the bbc) have taken the approach of using cookies as normal but displaying a warning with word to the effect of "by continuing to use this website you are agreeing to our use of cookies" (with links to more info and an option not to show the warning anymore).

like image 197
Frederick Cheung Avatar answered Nov 04 '22 01:11

Frederick Cheung