History: Overview of Cookies Used in Tiki

            {syntax type="markdown"  editor="wysiwyg"} # Overview of Cookies Used in Tiki

## List of cookies and consent requirements


Here is the list of cookies along with whether they require user consent and their duration:

"**Duration: default**" means that it is a session cookie, and it will expire once the session ends.

1. 1 **comments.php**

 The cookie is set twice without consent. 
 **Duration:** default 
 **Name:** comzone 
 **Use:** The cookie value determines whether the comments section should be shown or hidden.

1. 2 **tiki-discount.php**

 The cookies are set once without consent. 
 **Duration:** default 
 **Name:** tabs 
 **Use:** The tabs cookie is used to store the current tab that the user is viewing in the discount management interface.

1. 3 **tiki-login.php**

 The cookie is set once without consent. 
 **Duration:** defined in $prefs'remembertime' 
 **Name:** the cookie name is dynamically generated based on the site's configuration to avoid naming conflicts when multiple Tiki installations are on the same domain. 
 **Use:** this cookie allows users to remain logged in even after closing the browser, as long as the cookie is valid and hasn't expired.

1. 4 **tiki-setup_base.php**

 The cookie is set once without consent. 
 **Duration:** 1 year 
 **Name:** Dynamic value from $extra_cookie_name 
 **Use:** Used to confirm that the current user is indeed the owner of the session.

1. 5 **tiki-setup.php**

 The cookies are set once, require consent, and get deleted as per the user's preference.

1. 6 **lib/tiki-js.js**

 The script creates a custom `setCookie` function with the following features: 
\- Checks if the cookie already exists to avoid duplication. 
\- Handles expiration by defaulting to one year or session cookies. 
\- Integrates consent management by using an alternative storage mechanism (`tiki-cookie-jar.php`) when cookies are not allowed. If the alternative fails, it falls back to setting cookies in the browser directly. 
 In this file, the cookies are set once without consent. 
 **Name:** The name of the cookie is generated based on the data-name attribute of the .tabs element within the tab container. So, whatever value is stored in the data-name attribute of the .tabs element becomes the cookie's name. 
 **Duration:** Expires as soon as the browser is closed as its a session based cookie.

1. 7 **lib/tikiaccesslib.php**

 The cookies are set once. 
 **Duration:** The duration of this CSRF cookie is set to 0, which means it is a session cookie. The cookie is temporary and is automatically deleted when the user closes their browser. 
 **Name:** The cookie name is generated by appending '_CSRF' to the session name, which is obtained using session_name() 
 **Use:** This cookie helps in CSRF protection by verifying the token during form submissions or sensitive actions.

1. 8 **lib/tikilib.php**

 The cookies are set once without consent. 
 **Duration:** 300 days 
 **Name:** The name of the cookie is dynamically generated using the poll ID. 
 **Use:** This cookie helps manage voting sessions and ensures that the same user/IP doesn't vote more than once in a poll.

1. 9 **lib/userslib.php**

 This code deletes an existing cookie. 
 **Duration:** When the user logs out, the function sets the cookie to expire immediately. This is achieved by setting a negative expiration time. 
 **Name:** The cookie name is stored in the global variable $user_cookie_site. 
 **Use:** The purpose of this cookie is to store session or authentication information related to the user’s login state. During logout, the cookie is cleared to ensure the user is logged out properly.

1. 10 - **lib/banners/bannerlib.php**

 The cookies are set once without consent. 
 **Duration**: 90 days (or until a specified date). 
 **Name**: The cookie is named dynamically based on the banner's zone. 
 **Use**: Tracks the user's impressions (views) of the banner using a cookie, and limits views if a maximum is specified.

1. 11 **lib/ckeditor_tiki/tiki-ckeditor.js**

 The cookie is set three times, in two different part of the code, without consent. 
 **Duration:** The cookie is set to last for the duration of the session. This means it will be cleared once the browser session ends. 
 **Name**: wysiwyg_inline_edit 
 **Use:** This cookie is used to track whether the inline editing mode for the page is enabled or disabled. It helps maintain the state of the page (whether it's in editing mode or not) across different actions.

1. 12 **lib/comments/commentslib.js**

 The cookies are set three times without consent. 
 **Duration: default**
 __Name: anonymous_name, anonymous_email, anonymous_website. 
 **Use:** These cookies are used to store the user's anonymous name, email, and website when they submit a comment. The goal is to remember these details so the user doesn't need to re-enter them the next time they comment.

1. 13 **lib/jquery_tiki/tiki-admin.js**

 The cookies are set once without consent. 
 **Duration:** default 
 **Name:** sidebar_collapsed 
 **Use:** The cookie sidebar_collapsed is set when the sidebar is collapsed, storing the value "y". When this cookie is present, the sidebar remains collapsed even after the user refreshes or revisits the page. If the cookie is deleted (when the sidebar is expanded), the sidebar returns to its expanded state.

1. 14 **lib/jquery_tiki/tiki-connect.js**

 The cookies are set once without consent. 
 **Duration:** The cookie lasts for the duration of the browser session and is deleted when the browser is closed. 
 **Name:** show_tiki_connect 
 **Use:** The cookie tracks whether the "Connect Feedback" option is enabled or disabled in the admin interface elements.

1. 15 **lib/jquery_tiki/tiki-jquery.js**

 Multiple cookies set without any consent. Most of them here save user preferences related to the User Interface, improving user experience without requiring them to reset preferences every time. 
 **Duration:** default 
 1. **Name:** fgalKeepOpen 
 **Use:** To remember if a gallery or section should remain open based on the #keepOpenCbx checkbox state. 
 2. **Name:** Depends on the **foo** and **section** parameters passed to hide() and show() functions. 
 **Use:** To remember the visibility state of specific elements. The cookie stores whether an element is hidden ("c") or shown ("o"). 
 3. ...

1. 16 **lib/setup/javascript.php**

 The script sets multiple cookies, does not request consent. 
 1. **Name:** javascript_enabled 
 **Duration:** Approximately 1 year (365 days). It sets the cookie with an expiry of one year in milliseconds. 
 **Use:** This cookie is used to ensure that JavaScript is enabled for better site functionality. 
 2. **Name:** javascript_enabled_detect 
 **Duration:** 1 year 
 **Use:** This cookie counts the number of detection attempts. The goal is to stop checking after three failed attempts (i.e., when JavaScript remains undetected). 
 3. **Name:** runs_before_js_detect 
 **Duration:** This cookie is deleted upon detection. 
 **Use:** This was a legacy cookie used in older versions of Tiki to track the number of times JavaScript detection was attempted. It is no longer in use, and the code deletes this cookie. 
 **Key Behavior:**
 If JavaScript is enabled, the system sets the javascript_enabled cookie to y and updates 
 the preference. 
 If JavaScript is disabled, or the detection fails after three attempts, the system sets 
 the preference to n and stops further attempts to detect it.

1. 17 **lib/smarty_tiki/BlockHandler/Tabset.php**

 The script sets the cookie once, does not request consent. 
 **Duration:** default 
 **Name:** Dynamic name (based on tabset) 
 **Use:** Keeps the selected tab or toggle state ("Tab View" or "No Tabs") across page reloads or visits.

1. 18 **lib/soap/soaplib.php**

 The script sets cookies multiple times depending on the `$this->cookies` array, with the `allowCookies` variable suggesting that user consent is respected. 
 **Duration:** default 
 **Name:** Dynamically set from $cookieName (based on the server's response or request setup). 
 **Use:** Stores session-related information for maintaining state across SOAP requests.

1. 19 **lib/tikihelp/menu/ftiens4.js**

 The script sets the cookie nine times, does not request consent. 
 **Duration:** default 
 1. **Name:** clickedFolder 
 **Use:** Stores the ID of folders that were clicked/opened in the UI, preserving the state of open/closed folders. 
 2. **Name:** highlightedTreeviewLink 
 **Use:** Stores the ID of the last clicked or highlighted node in a tree view.

 These cookies ensure folder and node states are consistent across sessions or page reloads.

1. 20 **templates/remarksbox.tpl**

 The cookies are set once without consent. 
 **Duration:** default 
 **Name:** dynamic name in $remarksbox_cookiehash (a unique identifier for the specific remarks box) 
 **Use:** The cookie helps remember the state of the remarks box. Once closed by the user, this cookie ensures the box stays hidden (or closed) during future visits or page reloads.

1. 21 **templates/tiki-editpage.tpl**

 The cookies are set once without consent. 
 **Duration: default**
 **Name:** preview_diff_style 
 **Use:** The cookie is set when the user clicks the preview button during page editing to remember the chosen diff style in the preview pane. This allows the preview to maintain a consistent display style as the user makes edits.

1. 22 **templates/tiki-preview.tpl**

 The script contains 2 cookies, does not request consent. 
 **Duration: default**
 1. **Name:** preview_diff_style 
 **Use:** This cookie stores the user's chosen style for how they want to see the differences between versions of the wiki page during editing. 
 2. **Name:** wiki 
 **Use:** This cookie ensures that the height of the preview box remains consistent across the session.

1. 23 **templates/tiki-view_forum.tpl**

 The script sets cookies twice, does not request consent. 
 **Duration:** default 
 **Name:** anonymous_name 
 **Use:** Stores the entered name of anonymous users when posting or previewing a comment, so the system remembers it during the session.

1. 24 **tiki_tests/tiki-tests_record.php**

 The script contains two cookies, does not request consent. 
 **Duration:** expire when the browser is closed. 
 1. **Name:** tikitest_record 
 **Use:** This cookie is used to track the state of a "test" or record-keeping process. 
 2. **Name:** tikitest_filename 
 **Use:** Stores the name of the file associated with the current test or record process.

# Essential vs. Non-Essential for Tiki Functionality

## Essential Cookies (required for Tiki to function properly)

- **Login Cookie** (tiki-login.php)

 Keeps users logged in after closing the browser.

- **Session Owner Cookie** (tiki-setup_base.php)

 Confirms session ownership to maintain security.

- **CSRF Protection Cookie** (lib/tikiaccesslib.php)

 Protects against Cross-Site Request Forgery (CSRF) attacks.

- **User Logout Cookie** (lib/userslib.php)

 Clears session and authentication information upon logout.

- **javascript_enabled** (lib/setup/javascript.php)

 Detects if JavaScript is enabled, which is crucial for many Tiki features.

- **SOAP Session Cookie** (lib/soap/soaplib.php)

 Maintains state across SOAP requests (if using SOAP services).

- **Folder Click Cookie** (lib/tikihelp/menu/ftiens4.js)

 Tracks folder state in the user interface.

- **PHPSESSID Php session cookie:**

 A session cookie that is used to identify a user's session. It stores a unique identifier for a user's session on the server and ensures session's state between the server and browser is maintained.

## Non-Essential Cookies (enhance functionality but not critical for basic operation)

- **comzone** (comments.php)

 Tracks if the comments section should be shown or hidden.

- **tabs** (tiki-discount.php)

 Stores the current tab in the discount management interface.

- **Tab Container Cookie** (lib/tiki-js.js)

 Stores tab states in the user interface for convenience.

- **Poll Voting Cookie** (lib/tikilib.php)

 Prevents multiple votes on the same poll.

- **Banner View Cookie** (lib/banners/bannerlib.php)

 Tracks banner impressions for advertising purposes.

- **wysiwyg_inline_edit** (lib/ckeditor_tiki/tiki-ckeditor.js)

 Tracks the state of inline editing mode.

- **anonymous_name (comments)** (lib/comments/commentslib.js)

 Stores the anonymous user name for commenting.

- **sidebar_collapsed** (lib/jquery_tiki/tiki-admin.js)

 Keeps the sidebar collapsed state.

- **show_tiki_connect** (lib/jquery_tiki/tiki-connect.js)

 Tracks the Connect Feedback option in the user interface.

- **UI Preferences** (lib/jquery_tiki/tiki-jquery.js)

 Saves user interface preferences for a better experience.

- **Tabset State Cookie** (lib/smarty_tiki/BlockHandler/Tabset.php)

 Stores tabset state for consistent tab visibility.

- **Remarks Box Cookie** (templates/remarksbox.tpl)

 Stores the state of the remarks box.

- **Preview Diff Style Cookie** (templates/tiki-editpage.tpl)

 Tracks preview diff style in page editing.

- **wiki (preview height)** (templates/tiki-preview.tpl)

 Keeps the height of the preview box consistent.

- **anonymous_name (forum)** (templates/tiki-view_forum.tpl)

 Stores the anonymous user name for forum posting.

- **tikitest_record** (tiki_tests/tiki-tests_record.php)

 Tracks test/record state in testing functionalities.

- **tikitest_filename** (tiki_tests/tiki-tests_record.php)

 Stores the file name during the test/record process.



{DIV(class=titlebar)}Related pages{DIV}


- ((Dynamic Content))
- ((PluginCookie))