I’m writing a privacy policy for my site. I want to know, from a technical perspective, what EE does as far as “personally identifiable” information such as IP address and cookies goes.
I’ll take a stab here at what I’ve come up with so far. I know that people build different kinds of sites (yes membership, no membership, yes forum, no forum), and use sessions and/or cookies, so there are a lot of ifs here. REQUEST: Do you know something else besides what you see here? Please add it. (Maybe this will become a Wiki entry once it’s complete enough, eh? Surely I’m not the only one who wants this info)
IP ADDRESS
EE Docs for version 2.x and version 1.x state that IP addresses are stored for “membership accounts, channel entries, comments, and forum posts.”
Personally identifiable
* If a person comments on the site, the IP address is recorded in addition to whatever personally identifying info the visitor submits along with the comment (usually email address/web site). This is true whether or not the person is a logged-in member of the site.
* IP address is recorded for a person who is a member of the site… (QUESTION: at the time s/he joins the site? I just noticed that my IP address in my My Account area is an old one; I changed internet providers, so it is old.)
* IP address is recorded for creation of weblog/channel entries
* IP address for forum posts, if EE has Forum Module installed.
* If a user sends a message, the Email Console Log records the IP address in addition to the message contents.
Not personally identifiable
* The IP address is recorded in the referer module
* OTHERS?
There is IP to nation and IP as part of blacklisting, too.
COOKIES
Members who are logged in have cookies tracking things. This is totally true when System prefs for Cookies are set to Cookies.
(QUESTION: What cookies are set when EE Admin is set for Sessions Only? Based on this comment by Lisa Wess (almost 1 year ago exactly), EE sets some cookies no matter what.)
* There’s also something that EE 1.4 & later has offered for Forums and non-logged-in users
Added 2 new cookies used with non-logged-in users which enable us to track “read forum topics” with guests.
So, I guess that the statement on the ExpressionEngine.com Privacy Policy page in the Cookie section pretty much stands as a technically factually correct guide for EE sites.
Our website utilizes “cookies”. A “cookie” is a small text file that permits us to recognize your browser in order to customize your experience, or permit you to access restricted areas. Cookies do not contain personal information.
In other words, for any privacy policy for an EE-based site, even if it’s as simple and as plain as all get out, the privacy policy should ALWAYS say “We use cookies.”
Comments? Additions?