Stopping cookies at source

Here is a fairly straightforward and free solution to the new EU Cookie regulations for anyone using a PHP CMS such as Joomla: it inhibits all cookies until the visitor has clicked to accept cookie use.

You will need to be able to create a .htaccess file (I'm assuming an Apache web host) and add the following lines:

SetEnvIf Cookie "eu-opt-in=1" opted_in
Header always unset Set-Cookie env=!opted_in

Without getting too deep into the details, this clears all cookies generated by PHP before they are ever sent to the visitor's web browser, unless the "Opt in" cookie has been set. No cookies, no problem.

Asking permission to store cookies

Some sites will work perfectly adequately without cookies, but if you need them, you must ask the visitor's permission. Heart Internet have kindly provided a simple script to display a cookie widget; you will already have seen it when you visited this site. The code they provide can easily be added to a Joomla template, although, given time, a system plugin would be ideal. Any CMS, PHP or not, could use this technique.


As I quickly found out, this causes your CMS a problem: you can't log in! Another .htaccess file saves the day:

SetEnvIf Cookie "eu-opt-in=1" opted_in
Header always set Set-Cookie "eu-opt-in=1" env=!opted_in

This needs to be uploaded to the administrator folder in Joomla and simply forces "Opt in" for the admin site. As a site administrator, you have to accept cookies.
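To confirm that the rules above behave as intended on a deployed site, the following check requests a page once without and once with the eu-opt-in cookie and compares the Set-Cookie headers that come back. It is an added example, not code from this page or from Heart Internet; the function names, the local stand-in server and the "constructed" cookie values are assumptions made for illustration.

```python
import sys
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

OPT_IN = "eu-opt-in=1"  # the cookie both .htaccess files test for

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx itself so its Set-Cookie is inspected

def set_cookies(url, cookie=None):
    """Return the Set-Cookie values of one response (no redirects, no proxy)."""
    req = urllib.request.Request(url, headers={"Cookie": cookie} if cookie else {})
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        resp = opener.open(req, timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # redirect and error responses can carry cookies too
    values = resp.headers.get_all("Set-Cookie") or []
    resp.close()
    return values

def check_gate(url):
    """Return (sent_before_consent, sent_after_opt_in); the opt-in cookie is not a leak."""
    before = [c for c in set_cookies(url) if not c.startswith("eu-opt-in=")]
    return before, set_cookies(url, cookie=OPT_IN)

class StandIn(BaseHTTPRequestHandler):  # constructed server mimicking the gated site
    def do_GET(self):
        self.send_response(200)
        if OPT_IN in self.headers.get("Cookie", ""):
            self.send_header("Set-Cookie", "session=constructed; path=/")
        self.end_headers()

def demo():
    server = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_gate("http://127.0.0.1:%d/" % server.server_port)
    finally:
        server.shutdown()

if __name__ == "__main__":
    before, after = check_gate(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("before consent:", before or "none", "| after opt-in:", after or "none")
    sys.exit(1 if before else 0)
```

Run it with your own page URL as the first argument; with no argument it checks the stand-in server. It inspects Set-Cookie response headers only, so cookies written by scripts running in the browser never pass through these Apache rules and have to be checked in the browser itself.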


Unless you use absolutely no cookies, you need to publish a Privacy Policy. Several UK Government sites give skeleton policies, not least the site of the ICO, which is responsible for enforcing the regulations.