Cookie Consent Logic Following GDPR guidelines
I haven't deployed a website since GDPR became a thing and am sort of confused with some logic I need to do server and client-side to comply with GDPR. Sorry for the multiple questions here.
Are there any good resources out there about more in-depth cookie policy implementation, particularly with Express and React?
Here is how I understand the topic. This is no legal advice.
Regarding #1, users are aware that logging in means making themselves known to the server, and the session cookie serves no other purpose than that. In other words: By pressing the "Login" button, they consent to that cookie (but that one only). The session cookie must be deleted from client and server when the user logs off again (because it has then reached the end of its purpose). Ideally, delete it from the server also when the user "logs off" by simply closing the browser.
It is a different question how far you are allowed to "track" the actions of logged-in users. But that has got to do with the transparency of your application and nothing to do with cookies.
Regarding #2 and #3, if your application uses no other cookies than the session cookie, you should not bother users with cookie pop-ups at all. Only after you start using other cookies (#4) must you confront this issue.
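
The session-cookie lifecycle the answer describes (set at login, deleted on client and server at logout, removed from the server once the browser has gone away), as an added example that is not part of the original post. It uses plain Node.js functions rather than Express so that it runs stand-alone; the cookie name `sid`, the in-memory `Map` store and the 30-minute idle timeout are assumptions.

```javascript
const { randomBytes } = require('node:crypto');

const COOKIE = 'sid';            // assumed cookie name
const IDLE_MS = 30 * 60 * 1000;  // assumed idle timeout (30 minutes)
const sessions = new Map();      // sid -> { user, lastSeen }; demo store only

// Login: create the server-side record and return the Set-Cookie value.
// No Max-Age/Expires attribute, so the browser discards it when it closes.
function login(user, now = Date.now()) {
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { user, lastSeen: now });
  return `${COOKIE}=${sid}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Pull the session id out of a request's Cookie header.
function readSid(cookieHeader) {
  for (const part of String(cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === COOKIE) return rest.join('=');
  }
  return null;
}

// Per-request lookup; a session idle for too long is deleted on the server.
function currentUser(cookieHeader, now = Date.now()) {
  const sid = readSid(cookieHeader);
  const s = sid && sessions.get(sid);
  if (!s) return null;
  if (now - s.lastSeen > IDLE_MS) { sessions.delete(sid); return null; }
  s.lastSeen = now;
  return s.user;
}

// Logout: delete the server record and instruct the browser to drop the cookie.
function logout(cookieHeader) {
  const sid = readSid(cookieHeader);
  if (sid) sessions.delete(sid);
  return `${COOKIE}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`;
}

// The server cannot see a browser being closed, so a periodic sweep removes
// records that have been idle longer than IDLE_MS.
function sweep(now = Date.now()) {
  let removed = 0;
  for (const [sid, s] of sessions) {
    if (now - s.lastSeen > IDLE_MS) { sessions.delete(sid); removed++; }
  }
  return removed;
}
```

In a real server, `sweep` would run on a timer and the returned strings would be sent as `Set-Cookie` response headers.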