There's been a lot of confusion about the EU cookie law and what exactly organizations need to do to comply with its requirements. In essence, the EU Cookie Law requires websites operated within the EU Member States to clearly disclose how they store, track, or otherwise access user data through HTTP cookies, Flash Local Storage Objects (LSOs), and other web tracking techniques such as web bugs and HTML5 local storage.
As the May 26th, 2012 deadline for penalty enforcement approaches, HP has received several inquiries about how WebInspect can help organizations comply. WebInspect does not implement compliance for you, but it can help you identify where and how your site uses the technologies listed above.
Tip 1: Identify Cookies on Your Site: Perform an Authenticated Crawl
If your application provides a method for user authentication, be sure to configure a login macro to enable access to the authenticated portions of your site in order to capture session-related cookies.
Once the crawl completes, click on the top-level node in the site tree and then on the Cookies section under Host Info. This lists every cookie WebInspect encountered during the authenticated crawl.
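The cookie list from an authenticated crawl is raw material; the review question is which cookies persist beyond the session and which are set by a domain other than the site itself. The following script is an added example, not WebInspect output or HP code: it parses a handful of constructed Set-Cookie headers as a crawler would have captured them from a hypothetical site (shop.example), records each cookie's domain, lifetime and security attributes, and returns the persistent and third-party ones as the first candidates for a disclosure review. The registrable-domain heuristic (last two DNS labels) is an assumption; a real inventory would consult the Public Suffix List.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: (URL that set the cookie, Set-Cookie header value) as they
# would be captured during an authenticated crawl of the hypothetical site shop.example.
CAPTURED = [
    ("https://shop.example/login", "JSESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("https://shop.example/", "lang=en; Path=/; Max-Age=31536000"),
    ("https://shop.example/cart",
     "cart=3; Domain=.shop.example; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
    ("https://stats.tracker.example/pixel.gif",
     "uid=9f8e7d; Domain=.tracker.example; Path=/; Max-Age=63072000; Secure"),
]


@dataclass
class CookieRecord:
    name: str
    set_by: str       # URL of the response that carried the Set-Cookie header
    domain: str       # effective cookie domain (Domain attribute or response host)
    persistent: bool  # survives the browser session (Max-Age or Expires present)
    third_party: bool # registrable domain differs from the crawled site
    secure: bool
    http_only: bool


def registrable(host: str) -> str:
    # Assumption: the last two DNS labels approximate the registrable domain.
    # No Public Suffix List handling, so suffixes like "co.uk" are not special-cased.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(url: str, header: str, site_host: str) -> CookieRecord:
    # Split "name=value; Attr=val; Flag" into the cookie pair and its attributes.
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    host = urlparse(url).hostname or ""
    domain = attrs.get("domain", host).lstrip(".").lower()
    return CookieRecord(
        name=name.strip(),
        set_by=url,
        domain=domain,
        persistent=("max-age" in attrs) or ("expires" in attrs),
        third_party=registrable(domain) != registrable(site_host),
        secure="secure" in attrs,
        http_only="httponly" in attrs,
    )


def inventory(captured, site_host: str):
    """Build one CookieRecord per captured Set-Cookie header."""
    return [parse_set_cookie(url, hdr, site_host) for url, hdr in captured]


def disclosure_candidates(records):
    """Cookie names a privacy review should look at first: persistent or third-party ones."""
    return [r.name for r in records if r.persistent or r.third_party]


if __name__ == "__main__":
    records = inventory(CAPTURED, "shop.example")
    for r in records:
        print(r)
    print("review first:", disclosure_candidates(records))
```

Whether a given cookie is "strictly necessary" (and therefore exempt from consent) is a judgement the script cannot make; it only narrows the list to the cookies that most often need a disclosure decision.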
Tip 2: Identify Adobe Flash Local Storage Objects (LSOs)
If your site uses Adobe Flash Local Storage Objects (LSOs, also known as Flash cookies), the vulnerability section of your completed crawl will contain an entry titled Shared Flash Storage Object.
Tip 3: Review your website's usage of HTML5
To find HTML5 local storage objects within your site, open the Search tab beneath Sequence and Step Mode in the bottom-left of the WebInspect user interface. Select Raw Response from the drop-down and supply the following regular expression as the search criteria:
Next, select any relevant search results that appear. If you have trouble finding the relevant snippet, select the Scripts section under Session Info and search the HTTP Response using the same regular expression as above.
Tip 4: Identify any areas of your website that track user activity
We list the most common client storage methods that fall under the EU Cookie Law in this post; however, every implementation is different and may pose a unique challenge for automated detection. The key is knowing your site composition and how you solicit and track information from your visitors.
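Tips 2, 3 and 4 all come down to searching raw responses for the fingerprints of a client-side storage or tracking mechanism. The following script is an added example, not part of the original post and not WebInspect's own search logic: it runs a small set of regular expressions over constructed responses from the hypothetical site shop.example and reports HTML5 Web Storage calls, Flash content, and web bugs (1x1 images and script-created image requests). The patterns are assumptions of mine; the post's own regular expression is not reproduced here, and a real site will need the patterns tuned to how its pages and scripts are written.

```python
import re
from urllib.parse import urlparse

SITE_HOST = "shop.example"  # the crawled site (hypothetical)

# Constructed sample responses: (request URL, raw response body) as they would
# appear in a crawler's raw-response view. None of these are real sites.
RESPONSES = [
    ("https://shop.example/", """<html><body>
<img src="/logo.png" width="120" height="40" alt="logo">
<embed src="/media/player.swf" type="application/x-shockwave-flash">
<img src="https://stats.tracker.example/pixel.gif?uid=9f8e7d" width="1" height="1" alt="">
</body></html>"""),
    ("https://shop.example/app.js", """localStorage.setItem("recentlyViewed", JSON.stringify(ids));
sessionStorage["csrf"] = token;
var p = new Image(); p.src = "https://stats.tracker.example/pixel.gif?e=view";"""),
    ("https://shop.example/about", "<html><body><p>About us</p></body></html>"),
]

# Assumed patterns (not the regular expression from the original post).
HTML5_STORAGE_RE = re.compile(
    r"\b(localStorage|sessionStorage)\s*(?:\.\s*(?:setItem|getItem|removeItem|clear|key)\b|\[)")
FLASH_RE = re.compile(r"SharedObject\.getLocal|\.swf\b", re.IGNORECASE)
IMG_TAG_RE = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
SCRIPT_PIXEL_RE = re.compile(r"new\s+Image\s*\(\s*\)")


def scan_response(url, body):
    """Return a list of findings, one dict per matched storage or tracking indicator."""
    findings = []
    for m in HTML5_STORAGE_RE.finditer(body):
        findings.append({"kind": "html5-storage", "url": url,
                         "evidence": m.group(0), "third_party": False})
    for m in FLASH_RE.finditer(body):
        findings.append({"kind": "flash-lso", "url": url,
                         "evidence": m.group(0), "third_party": False})
    for tag in IMG_TAG_RE.findall(body):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        # A 1x1 image is the classic web bug; note whether it calls out to another host.
        if attrs.get("width") == "1" and attrs.get("height") == "1":
            src_host = urlparse(attrs.get("src", "")).hostname
            findings.append({"kind": "web-bug", "url": url, "evidence": attrs.get("src", tag),
                             "third_party": bool(src_host) and src_host != SITE_HOST})
    for m in SCRIPT_PIXEL_RE.finditer(body):
        # Script-created images fire a request without any markup; destination unknown here.
        findings.append({"kind": "web-bug", "url": url,
                         "evidence": m.group(0), "third_party": None})
    return findings


def scan_all(responses):
    return [f for url, body in responses for f in scan_response(url, body)]


def summarize(findings):
    """Count findings per kind, so the review can see which mechanisms the site uses."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_all(RESPONSES)
    for f in found:
        print(f["kind"], f["url"], repr(f["evidence"]), "third-party:", f["third_party"])
    print(summarize(found))
```

Each finding keeps the URL and the matched snippet so a reviewer can open that response in the crawler and read the surrounding code, which is the same step Tip 3 describes for the Scripts section.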
What are you doing to prepare for the EU Cookie Law? Leave a comment; we’d like to hear from you.
- Cookie Regulations and the new EU Cookie Law
- How to comply with the EU Cookie Law in the UK
- EU cookie laws could cause unwary firms to get their fingers burnt
- Web Buggery: Analyzing Tracking Images
- Web Bugs (Wikipedia)
- Web Analytics Comparison