Q about privacy

corblimey · 07-07-2005 12:12pm #1

I have a web app that stores an ID in a persistant cookie and uses it to look up address information to pre-fill a form for the user.

All well and good.

However, if the user is in a public place or shares their machine, in theory, another user could see their address information if they go to the same site. I either have to remove this functionality for everyone or ignore this potential privacy issue. Does anyone know the official line on this sort of thing. No cc information, etc is held, just an address and postcode (it's for England).

Seth Brundle · 07-07-2005 1:47pm

give them the "remember me" option when entering in data?
If they choose remember me then it is stored in a cookie, if they don't tick it then they need to re-fill in form manually.
Can you use server session variables rather than cookies?

corblimey · 07-07-2005 1:56pm

sssh, kbannon, that's more work than I'm willing to do right now

Yeah, will probably go the 'remember me' route, but need to find out the official line on this sort of data privacy. Project goes live on Monday, so development like this needs to be well founded before it can go ahead.

Yeah, project goes live on Monday and *now* we notice things like this. :rolleyes:

Seth Brundle · 07-07-2005 4:18pm

LOL - I hear ya.
is it necessary to use cookies?
In terms of privacy, yes, I would believe that their (name? and) address shouldn't be left for others to find.
What you could do is save it in a cookie when form #1 is used and then (assuming form #2 is to be completed in the same session) take it from the cookie and then when that is done clear the cookies contents.
However, if form #2 is not to be completed in the same session then I would store all info in a DB.

BizzyC · 07-07-2005 4:34pm

Yeah, I'd suggest storing it on the session, and setting the timeout for a short amount of time.
You could use a logon filter to check the session for a set variable, once the session times-out, the variable is cleared, and you'd need to log in again.

Also to protect yourselves you could simply add a log-out feature and out a disclaimer on the site telling people why the should always log out when finished.

corblimey · 07-07-2005 5:12pm

Actually, there's no login/logout feature on the site. It just generates an ID then uses that throughout to reference the database tables. This ID is persistant. I need in other places, it's just this functionality of pre-populating forms that's causing me a little trouble.

axer · 07-07-2005 6:57pm

corblimey wrote:

Actually, there's no login/logout feature on the site. It just generates an ID then uses that throughout to reference the database tables. This ID is persistant. I need in other places, it's just this functionality of pre-populating forms that's causing me a little trouble.

Session ID

BizzyC · 08-07-2005 9:55am

As axer pointed out, each session is given it's own individual ID. You could store all the data onto the session, and then set the timeout to whatever length of time you deem suitable. Once the session has been idle for that long, it's cleared, and the next person who comes along would get a new session.

seamus · 08-07-2005 10:14am

Yeah Session ID sounds like the best way to go given the timescale.

Put a terms/disclaimer in the form, making it very clear that they should hit a logout button (which destroys the session) and/or should close their browser when they're finished or other users may be able to see their personal details.

Ideally you would move to upgrade the form to submit over https.

corblimey · 08-07-2005 11:03am

If I had any control whatsoever over business decisions like this (the system has been in use elsewhere for a while, and changing a persistent cookie to a session cookie will require meetings and conference calls and meetings and conference calls) I'd have already changed to a Session ID a long time ago.

seamus, https? How would that make any difference?

seamus · 08-07-2005 11:46am

corblimey wrote:

seamus, https? How would that make any difference?

You have people submitting personal details. I would move towards https. Maybe that's just me.

corblimey · 08-07-2005 12:27pm

Right, and that part of the site is on https, I just wasn't sure what the security had to do with reading data from a table and prefilling forms? Sorry if I'm being a bit thick here.

seamus · 08-07-2005 12:47pm

corblimey wrote:

Right, and that part of the site is on https, I just wasn't sure what the security had to do with reading data from a table and prefilling forms? Sorry if I'm being a bit thick here.

I should stop thinking out loud

corblimey · 08-07-2005 2:08pm

Oh thank God. I thought I'd missed a page in my "how to write the Internet" book

Q about privacy

Comments