Skip to content
Grav 2.0 is officially stable. Read the announcement →

Community guidelines

Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.

Log in Register
General

Web without cookies

Solved by pamtbaau View solution

Started by Sergi 4 years ago · 4 replies · 1747 views
4 years ago

Hello,

I have seen that Grav installs 3 essential cookies:

grav-admin-flexpages
grav-admin-sidebar
grav-tabs-state

Is there any way to prevent these cookies? I have the whim to make a website without cookies (paranoia of a developer... ;).

I understand they're necessary for the admin plugin, and I know exists a plugin to create static sites (which I haven't tried yet) but.. Is there any native configuration in Grav to do it?

Thank you very much!

last edited 02/27/22 by pamtbaau
4 years ago

@sdesergi, On technical forums it is often appreciated when the OP shows what has been undertaken to solve the issue before posting the question...

You could think of:

  • showing you've searched Discourse,
    • which suggestions have been tried, but did not solve the issue
  • showing what else has been tried so far and with what results?
last edited 02/27/22 by pamtbaau
4 years ago

Thanks for the reply, @pamtbaau

Well, good critique 🙂
The search you point to I did. The configuration that @arank points to in this thread ("system session.enabled: true" and "system session.initialize: false") doesn't work for me.

imatge|576x137

The thread is 4 years old and the Grav version is 1.4, so I gather a lot of things have changed. I don't know how to implement the solution proposed by @chris_jung. Can the admin plugin be used from a subdomain? I haven't seen anything in the documentation or the forum.

The next matching thread is unanswered.

I have no in-depth knowledge of Grav, I am a newcomer (and very happy to have found this CMS). Maybe I should have started this thread in the support forum? If so, I'll change it in a moment...

Any clue that can help me or a thread I couldn't find?
Thank you very much

4 years ago Solution

@sdesergi, Yes, I know, I'm nagging....

Variables system session.enabled: true and system session.initialize: false work fine for disabling cookies for Grav itself.

Apart from not using Admin, I'm not aware of any way to disable cookies for Admin.

Since HTTP is stateless, some form of passing at least some sort of an "identifier" of a logged-in user between client and server would be required for Admin. I'm not aware of an option to switch the client/server communication between using a cookie, GET, or POST.

Even if it would be possible, with respect to any possible privacy breach, what difference would it make if cookies, GET or POST are being used to keep track of user data?

Also, since Grav is open source, you can check for yourself what data is being used by looking at the code.

And you could of course use VPN when using Admin.

But arguing with someone being paranoid doesn't really work does it? ;-)

👍 1
4 years ago

I was fighting myself silly. I didn't delete the old cookies correctly... 😅 You're right @pamtbaau, variables works fine. Cookies are only set on devices when you use the admin plugin and log in.

Thanks for your patience! 🙂
(My paranoia is now rampant...)

Suggested topics

Topic Participants Replies Views Activity
Well done Grav Team
General · by Jerry Hunt, 4 days ago
2 74 6 hours ago
Grav 2, Admin Next, API and Migrate are now in production!
General · by pamtbaau, 12 hours ago
1 47 11 hours ago
Welcome to the new Grav Forums!
General · by Andy Miller, 24 hours ago
0 44 24 hours ago
How active is Grav?
General · by Marcel, 12 months ago
6 346 5 days ago
Contents in bin folder delete itself during core updates
General · by Duc , 5 days ago
3 39 5 days ago