Cookie-free domains


#1

Is it possible to use cookie-free domains in Grav?
In WordPress it can be done as in this article: https://www.keycdn.com/support/how-to-use-cookie-free-domains/
But I don't know how to achieve it in Grav. Any ideas or hints?

thanks and best regards


#2

I would be interested in disabling session cookies, too. Also there is a setting session.enabled in user/config/system.yaml, setting it to false throws an error (“Server Error … 0 - The Login plugin requires “system.session” to be enabled”). Since the login plugin is required if using the admin UI, it’s not possible to disable session cookies even for pages not containing any form.

However, it should be possible to suppress session cookies for regular web pages not containing forms, shouldn’t it? Pages with forms such as login pages could override the session.enabled setting explicitly or implicitly.


#3

You could use different environments. Use ‘admin.yoursite.com’ with cookies and disable cookies for yoursite.com.


#4

I’ve followed the step in the link above:

Any idea how to achieve it the Grav way?

@chris_jung
How do I disable cookies in Grav?

thanks and best regards,
stifan


#5

As I wrote in my reply, set session.enabled to false in user/config/system.yaml to disable cookies.


#6

The problem is that restricted and contact pages in the yoursite.com domain still require session cookies. It would be possible to just enable session for those pages, but if I understand it correctly, code in the login plugin has to be changed for this, since the login plugin checks for the session.enabled setting globally (file user/plugins/login/login.php, lines 69-72).


#7

Is it possible to override this login plugin in a “clean way”?


#8

Finally I just commented “throw new \RuntimeException(‘The Login plugin requires “system.session” to be enabled’);” on line 81 (file user/plugins/login/login.php) and set session.enabled to false in user/config/system.yaml.

In fact the system only checks if session is enabled to get “an authorization”.
If you don’t check system.session, the login plugin will create the session too.


#9

Much easier since Grav 1.4.6: set system session.enabled to true and system session.initialize to false.


#10

I also am interested in creating a cookie-free site (because I don’t see why it would need one and GDPR makes cookies a bit of a hassle). I just tried what you suggested @arank, but the grav-site cookie still pops up again. I tried clearing the cache but to no avail. How do I get rid of that cookie?

EDIT: I am so sorry! I uploaded it into the wrong directory… :sweat_smile: Now that’s fixed, the cookie is gone and everything is working like a charm. So thank you very much @arank!
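
A way to verify the outcome discussed in this thread, as an added example that is not part of any post: the script inspects captured response heads and reports pages that still set a cookie although they are not expected to need a session. The sample responses, the cookie name and value, and the `SESSION_PATHS` allow-list are constructed assumptions.

```python
"""Audit captured HTTP response heads for unexpected session cookies."""
from fnmatch import fnmatch
from http.cookies import SimpleCookie

# Assumption: paths that legitimately need a session (forms, login, admin).
SESSION_PATHS = ["/admin*", "/login*", "/contact*"]

# Constructed sample response heads, not captures from a real site.
SAMPLE_RESPONSES = {
    "/": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "/blog": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              "Set-Cookie: grav-site-abc123=deadbeef; path=/; HttpOnly\r\n\r\n"),
    "/contact": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 "set-cookie: grav-site-abc123=cafef00d; path=/; HttpOnly\r\n\r\n"),
}


def cookies_set(raw_head):
    """Return the names of all cookies set by one raw response head."""
    names = []
    for line in raw_head.splitlines()[1:]:        # skip the status line
        if not line:                              # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":  # header names are case-insensitive
            jar = SimpleCookie()
            jar.load(value.strip())
            names.extend(jar.keys())
    return names


def audit(responses, session_paths=SESSION_PATHS):
    """Map each non-allow-listed path that sets a cookie to its cookie names."""
    findings = {}
    for path, raw_head in responses.items():
        names = cookies_set(raw_head)
        if names and not any(fnmatch(path, pat) for pat in session_paths):
            findings[path] = names
    return findings


if __name__ == "__main__":
    for path, names in audit(SAMPLE_RESPONSES).items():
        print(f"unexpected cookie on {path}: {', '.join(names)}")
```

Response heads for a real site can be saved per page with a header-only request (for example `curl -sI`) and passed to `audit` in place of the constructed samples.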