Cookies with Django

[אורי]

Hi,

Django uses cookies at least for authentication / login. How does Django
handle the European Union legal requirements related to using cookies? For
example, does the user have to agree before cookies are used?

Thanks,
Uri.
אורי
u...@speedy.net

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com.

Re: Django 5.1 - LoginRequiredMiddleware

[אורי]

Hi,

I read the updated Django 5.1 release notes and I think now it's more clear
that LoginRequiredMiddleware is only enabled if we enable it, and is not
enabled by default.

Thanks,
Uri.
אורי
u...@speedy.net


On Wed, Aug 7, 2024 at 9:29 AM Adam Johnson  wrote:

> I’ve opened a PR for a small docs tweak that may help clarify the release
> note: https://github.com/django/django/pull/18455 .
>
> On Wed, 7 Aug 2024, at 01:29, אורי wrote:
>
>
> אורי
> u...@speedy.net
>
>
> On Wed, Aug 7, 2024 at 3:17 AM James Bennett 
> wrote:
>
> On Tue, Aug 6, 2024 at 4:37 PM אורי  wrote:
>
> No. I didn't see in the documentation of LoginRequiredMiddleware
> any MIDDLEWARE setting.
>
>
> https://docs.djangoproject.com/en/5.1/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware
>
>
> https://docs.djangoproject.com/en/5.1/releases/5.1/#middleware-to-require-authentication-by-default
>
> I thought that LoginRequiredMiddleware is always enabled in Django 5.1.
>
>
> The set of middlewares which will be turned on by default when generating
> a new project is documented:
>
>
> https://docs.djangoproject.com/en/5.1/topics/http/middleware/#activating-middleware
>
> Any middleware not listed there needs to be explicitly added to your
> project's MIDDLEWARE setting before it will have any effect.
>
> I don't see anything in the documentation of LoginRequiredMiddleware which
> implies that it is enabled by default or will be turned on automatically by
> upgrading Django. And I think it's highly unlikely the
> LoginRequiredMiddleware would ever become a default-enabled middleware,
> since people would probably be upset about suddenly having their sites
> login-walled by a Django upgrade.
>
>
> OK, I understand. Thank you. I read the documentation but I misunderstood
> and thought that LoginRequiredMiddleware is enabled by default.
>
> Uri.
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CAL13Cg_wEWKBOkjnCzqiMH_n5jyycpgCnBQst84b8twq0Jc7DA%40mail.gmail.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeFcD15GAQuFge5wW5-oqTvtcYN-gh%2B%2BcheMfkmpytz%2B%2BA%40mail.gmail.com
> 
> .
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeGCuOtZnQJC9V6MXpJVtDSUnZ9fY71gV1Q0LSixGkO6sA%40mail.gmail.com.

Re: Cookies with Django

[Curtis Maloney]

{I am not a lawyer. None of this is legal advice, of course.}

Django itself does nothing to tell your users authentication uses cookies.

If and how you choose to do that is up to you; also, there are some 3rd party 
apps to try to make this easier.

However, I find this paragraph from https://gdpr.eu/cookies/ quite informative:

 • Strictly necessary cookies — These cookies are essential for you to browse 
the website and use its features, such as accessing secure areas of the site. 
Cookies that allow web shops to hold your items in your cart while you are 
shopping online are an example of strictly necessary cookies. These cookies 
will generally be first-party session cookies. While it is not required to 
obtain consent for these cookies, what they do and why they are necessary 
should be explained to the user.

So in short, it's recommended you let users know you will be using a cookie, 
and why, but the GDPR does not mandate it for this type of cookie.

--
Curtis


On Fri, 9 Aug 2024, at 12:35, אורי wrote:
> Hi,
> 
> Django uses cookies at least for authentication / login. How does Django 
> handle the European Union legal requirements related to using cookies? For 
> example, does the user have to agree before cookies are used?
> 
> Thanks,
> Uri.
> אורי
> u...@speedy.net
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/3f17f472-d1ac-46e6-97c9-caf8e1fd5f39%40app.fastmail.com.

Re: Cookies with Django

[אורי]

Thank you.

אורי
u...@speedy.net


On Fri, Aug 9, 2024 at 5:40 AM Curtis Maloney  wrote:

> {I am not a lawyer. None of this is legal advice, of course.}
>
> Django itself does nothing to tell your users authentication uses cookies.
>
> If and how you choose to do that is up to you; also, there are some 3rd
> party apps to try to make this easier.
>
> However, I find this paragraph from https://gdpr.eu/cookies/ quite
> informative:
>
>
>- Strictly necessary cookies — These cookies are essential for you to
>browse the website and use its features, such as accessing secure areas of
>the site. Cookies that allow web shops to hold your items in your cart
>while you are shopping online are an example of strictly necessary cookies.
>These cookies will generally be first-party session cookies. While it is
>not required to obtain consent for these cookies, what they do and why they
>are necessary should be explained to the user.
>
>
> So in short, it's recommended you let users know you will be using a
> cookie, and why, but the GDPR does not mandate it for this type of cookie.
>
> --
> Curtis
>
>
> On Fri, 9 Aug 2024, at 12:35, אורי wrote:
>
> Hi,
>
> Django uses cookies at least for authentication / login. How does Django
> handle the European Union legal requirements related to using cookies? For
> example, does the user have to agree before cookies are used?
>
> Thanks,
> Uri.
> אורי
> u...@speedy.net
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/CABD5YeH6_R2YyhHaB0BOzW%2BOFvWY4N8eU2pA4CvF1gt1VoPepQ%40mail.gmail.com
> 
> .
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/3f17f472-d1ac-46e6-97c9-caf8e1fd5f39%40app.fastmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CABD5YeERTM8N1WrVuvGT0QurXLk_LnbO%2BCoqCiL2Hs1nZsEAUA%40mail.gmail.com.