GeoNetwork cookies

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

GeoNetwork cookies

timo-siegward.altemeier
Hi,

today (25.05.2018) the European "General Data Protection Regulation" will be applied. Therefore, I would like to know what data is stored in the cookies of GeoNetwork. Is this information documented somewhere?


Regards
Timo
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: GeoNetwork cookies

Jose Garcia
Hi

I don't think are documented, but doing some tests these seem the main
cookies stored:

- JSESSIONID, it's used to identify the user session in the server.
- serverTime, sessionExpire to track expire session message for logged
users.
- XSRF-TOKEN to prevent Cross-site request forgery attacks
- cookiesAccepted to track the acceptance of the cookies message.
- basketAnonymousUserlist: To track for anonymous users the list of
metadata in the basket (GN 3.4.x), logged users store this info in the
server session afaik.

*As far as I know (but would be good to confirm also by other developers) *no
user personal data should be stored in the cookies apart of the JSESSIONID
used to identify the user session in the server.

Geonetwork stores in the database some data about the users, please check
the following tables in the database: Users, Groups,
GUF_UserFeedbacks, Address and Email,  as this information is relevant for
GDPR. I think I don't forget any relevant table, but a check to the other
tables can be relevant also.

Regards,
Jose García

On Fri, May 25, 2018 at 11:57 AM, <
[hidden email]> wrote:

> Hi,
>
> today (25.05.2018) the European "General Data Protection Regulation" will
> be applied. Therefore, I would like to know what data is stored in the
> cookies of GeoNetwork. Is this information documented somewhere?
>
>
> Regards
> Timo
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> GeoNetwork-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/geonetwork-users
> GeoNetwork OpenSource is maintained at http://sourceforge.net/
> projects/geonetwork
>



--













*Vriendelijke groeten / Kind regards,Jose García
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664> <https://www.facebook.com/geocatbv>
<https://twitter.com/geocat_bv>
<https://plus.google.com/u/1/+GeocatNetbv/posts>Please consider the
environment before printing this email.*
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
Reply | Threaded
Open this post in threaded view
|

Re: GeoNetwork cookies

Jo Cook
Hi All,

We've been looking into this for GDPR too. The other thing of interest are
the IP addresses stored for search statistics, and access logs on the
server. This can't be tied to specific users (I don't think) but we've
chosen to declare that it's done anyway. We've modified the cookie notice
and the home page to link to our privacy policy too.

Jo

On Fri, May 25, 2018 at 11:41 AM, Jose Garcia <[hidden email]>
wrote:

> Hi
>
> I don't think are documented, but doing some tests these seem the main
> cookies stored:
>
> - JSESSIONID, it's used to identify the user session in the server.
> - serverTime, sessionExpire to track expire session message for logged
> users.
> - XSRF-TOKEN to prevent Cross-site request forgery attacks
> - cookiesAccepted to track the acceptance of the cookies message.
> - basketAnonymousUserlist: To track for anonymous users the list of
> metadata in the basket (GN 3.4.x), logged users store this info in the
> server session afaik.
>
> *As far as I know (but would be good to confirm also by other developers)
> *no
> user personal data should be stored in the cookies apart of the JSESSIONID
> used to identify the user session in the server.
>
> Geonetwork stores in the database some data about the users, please check
> the following tables in the database: Users, Groups,
> GUF_UserFeedbacks, Address and Email,  as this information is relevant for
> GDPR. I think I don't forget any relevant table, but a check to the other
> tables can be relevant also.
>
> Regards,
> Jose García
>
> On Fri, May 25, 2018 at 11:57 AM, <
> [hidden email]> wrote:
>
> > Hi,
> >
> > today (25.05.2018) the European "General Data Protection Regulation" will
> > be applied. Therefore, I would like to know what data is stored in the
> > cookies of GeoNetwork. Is this information documented somewhere?
> >
> >
> > Regards
> > Timo
> > ------------------------------------------------------------
> > ------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > _______________________________________________
> > GeoNetwork-users mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/geonetwork-users
> > GeoNetwork OpenSource is maintained at http://sourceforge.net/
> > projects/geonetwork
> >
>
>
>
> --
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Vriendelijke groeten / Kind regards,Jose García
> <http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
> (0)318 416664 <+31318416664> <https://www.facebook.com/geocatbv>
> <https://twitter.com/geocat_bv>
> <https://plus.google.com/u/1/+GeocatNetbv/posts>Please consider the
> environment before printing this email.*
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> GeoNetwork-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/geonetwork-users
> GeoNetwork OpenSource is maintained at http://sourceforge.net/
> projects/geonetwork
>



--
*Jo Cook*
t:+44 7930 524 155/twitter:@archaeogeek
Please note that currently I do not work on Friday afternoons. For urgent
responses at that time, please visit support.astuntechnology.com or phone
our office on 01372 744009

--
--
Astun Technology Ltd, The Coach House, 17 West Street, Epsom, Surrey,
KT18 7RL, UK 
t:+44 1372 744 009 w: astuntechnology.com
<http://astuntechnology.com/> twitter:@astuntech
<https://twitter.com/astuntech>



iShare - enterprise geographic
intelligence platform <https://astuntechnology.com/ishare/>
GeoServer,
PostGIS and QGIS training <https://astuntechnology.com/services/#training>

Helpdesk and customer portal
<http://support.astuntechnology.com/support/login>




Company registration
no. 5410695. Registered in England and Wales. Registered office: 120 Manor
Green Road, Epsom, Surrey, KT19 8LN VAT no. 864201149.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
GeoNetwork-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork