@anonymous-piwik-user opened this Issue on November 21st 2011

I'd like to suggest an enhancement to the blocking cookie system. Currently you must be logged into Piwik in each browser you wish to block, on each system you wish to exclude. It would be more convenient by far if this worked more like Clicky, which provides you a link that can be shared outside the context of the admin interface, so that you and your users can easily set their cookies in all browsers without ever logging in.
Keywords: piwik_ignore,blocking cookie

@mattab commented on November 22nd 2011 Member

This is a good suggestion. At the start I suggested limiting it to logged in user to prevent CSRF attacks where, for example, if someone could XSS on your site, it could then have all users automatically set the cookie in their browser and then having all visits ignored... Maybe, what we could do is have a sharable URL that would be impossible to guess with a random token in the url.

When users click on the link, make sure we display a message acknoledging that the cookie was set.

@mattab commented on June 4th 2012 Member

Actually it should already work, can you please confirm that it works in 1.8.1 ?

@anonymous-piwik-user commented on June 7th 2012

I'd be happy to test it. How do I get to it? :)

@mattab commented on June 18th 2012 Member

copy paste the link used to set the cookie, it can be sent around, WARNING: it contains the secret token_auth!

@anonymous-piwik-user commented on June 27th 2012

What evil things could occur if token_auth fell into the wrong hands?

This Issue was closed on August 15th 2012
Powered by GitHub Issue Mirror