是否可以阻止使用Javascript或PHP设置Cookie？ [英] Is it possible to block cookies from being set using Javascript or PHP?

问题描述

很多人可能知道新的欧盟隐私法，但是对于那些不是的人来说，这基本上意味着没有任何由居住在欧盟的公司经营的网站可以将Cookie归类为非必要的操作网站在访问者机器上，除非明确许可这样做。

A lot of you are probably aware of the new EU privacy law, but for those who are not, it basically means no site operated by a company resident in the EU can set cookies classed as 'non-essential to the operation of the website' on a visitors machine unless given express permission to do so.

因此，问题是如何最好地处理这个问题？

So, the question becomes how to best deal with this?

浏览器显然有能力阻止cookie从一个特定的网站内置到他们。我的问题是，是否有一种方法使用JS或PHP做类似的事情？

Browsers obviously have the ability to block cookies from a specific website built in to them. My question is, is there a way of doing something similar using JS or PHP?

拦截任何可能尝试设置的Cookie（包括Google Analytics（分析）或Facebook等第三方Cookie），并阻止它们，除非用户已同意。

i.e. intercept any cookies that might be trying to be set (including 3rd party cookies like Analytics, or Facebook), and block them unless the user has given consent.

删除所有的cookie，一旦它们被设置，但虽然这是相同的事情，因为不允许他们设置在第一位，我猜这是不够好在这种情况下，因为它不坚持

It's obviously possible to delete all cookies once they have been set, but although this amounts to the same thing as not allowing them to be set in the first place, I'm guessing that it's not good enough in this case because it doesn't adhere to the letter of the law.

想法？

推荐答案

很感兴趣这个答案太。我已经完成了我需要在PHP中完成，但是JavaScript组件仍然不包括我。

I'm pretty interested in this answer too. I've accomplished what I need to accomplish in PHP, but the JavaScript component still eludes me.

这是我在PHP中的做法：

Here's how I'm doing it in PHP:

$dirty = false;
foreach(headers_list() as $header) {
    if($dirty) continue; // I already know it needs to be cleaned
    if(preg_match('/Set-Cookie/',$header)) $dirty = true;
}
if($dirty) {
    $phpversion = explode('.',phpversion());
    if($phpversion[1] >= 3) {
        header_remove('Set-Cookie'); // php 5.3
    } else {
        header('Set-Cookie:'); // php 5.2
    }        
}

问题是，在我的网站中使用第三方插件，通过javascript操纵cookies，而且没有通过它们扫描确定哪些访问document.cookie - 他们仍然可以设置cookie。

The problem is that there are third party plugins being used in my site that manipulate cookies via javascript and short of scanning through them to determine which ones access document.cookie - they can still set cookies.

这将是方便的，如果他们都使用相同的框架，所以我可以覆盖setCookie

It would be convenient if they all used the same framework, so I might be able to override a setCookie function - but they don't.

如果我可以删除或禁用document.cookie，这样会变得不可访问...

It would be nice if I could just delete or disable document.cookie so it becomes inaccessible...

编辑：
可以防止javascript访问获取或设置Cookie。

It is possible to prevent javascript access to get or set cookies.

document.__defineGetter__("cookie", function() { return '';} );
document.__defineSetter__("cookie", function() {} );

编辑2：
要在IE中使用：

EDIT 2: For this to work in IE:

if(!document.__defineGetter__) {
    Object.defineProperty(document, 'cookie', {
        get: function(){return ''},
        set: function(){return true},
    });
} else {
    document.__defineGetter__("cookie", function() { return '';} );
    document.__defineSetter__("cookie", function() {} );
}

这篇关于是否可以阻止使用Javascript或PHP设置Cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！