anyone heard of the UK Cookie law which went into effect May 26th, 2011 but will begin to be enforced May 26,2012? (http://www.theregister.co.uk/2012/04/05/eprivacy_directive_web_analytics/)
Is there a way to disable JSESSIONID per URL on a server where multiple URL suffixes are being served? (.uk, .de, etc.)
The server(s) in question are serving up WebSphere Portal (v6.1)
This topic has been locked.
1 reply Latest Post - 2012-04-30T14:23:35Z by Sunit
Pinned topic UK Cookie Law - disable JSESSIONID per URL suffix (.uk)
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-04-30T14:23:35Z at 2012-04-30T14:23:35Z by Sunit
Sunit 100000DWFV169 PostsACCEPTED ANSWER
Re: UK Cookie Law - disable JSESSIONID per URL suffix (.uk)2012-04-30T14:23:35Z in response to migxmacThat specific law is targeted towards cookies being used to track users behavior, surfing habits, web analytic, advertisements, etc. If your application is using cookies for that purpose then you have to ask explicit permission from users to store and track cookies on their desktop/client.
If you do not want to use JSESSIONID, you can always use the URL rewrite technique for session management. This is a little unwieldy and can enfore certain limits in terms of data included. Also, it can expose certain data that should not be exposed by making it part of the URL thus causing security headaches.
Having said all this, JSESSIONID discussion should be posted to the WebSphere Application server forum. This forum is meant for IBM HTTP Server.