mod_yourData
mod_yourData is a Joomla! module allowing you to show site visitors exactly what data your site is storing within their browser. It includes support for Cookies, Session Storage Objects and Local Storage Objects. Given ever-increasing awareness of Privacy online, it's important that sites are as transparent as possible.
The ideal use of this module would be to assign it to a custom position and then include with your site's Privacy statement using Joomla's LoadPosition plugin.
This page is the user documentation for the module, you can also view the Demo here
Installation
Installation of the module is identical to any other Joomla extension - use Extension Manager! You'll need either a Joomla! 2.5 or a Joomla 3.x site - this module does not support Joomla 1.5!
Configuration
All configuration takes place through Module manager, and the following options are available in the current version
Basic Options
Module Text: You can use this option to set text which will be displayed at the top of the module.
Cookies
Show Cookies: Set this to No if you don't want to display which cookies are stored
Show Server Cookies: Some cookies aren't accessible via Javascript, so won't be listed. When set to 'Yes' the module will list the cookies that the server sees listed in the page request headers. Please see Privacy Considerations below for why you may not want this option enabled.
Allow Removal: When enabled, the user will be able to click a cookie to remove it from their browser - this won't work for cookies that can't be accessed via Javascript, so these cookies are given a CSS class to make this obvious.
Local Storage
Show Local Storage: If enabled, the module will show the name and value of any Local Storage Objects detected within the users browser.
Allow Removal: When enabled, the user will be able to click an item to remove it from their browser.
Session Storage
Show Session Storage: If enabled, the module will show the name and value of any Session Storage items within the users browser.
Allow Removal: When enabled, the user will be able to click an item to remove it from their browser.
Formatting
Module Class Suffix: As with most other Joomla! modules, this allows you to append a custom suffix to the default CSS classname of .yourData.
Div Width: If set to anything other than 0, this will set the width of the module. Ideally, it's better to do this in your template's CSS though.
Display Powered By: By default, the module displays 'Powered by yourData'. Setting this to No will disable display of this text.
Privacy Considerations
The module can, and will, only display items set by your site. So, if your site is example.com, cookies from example2.com won't be displayed. However, depending on the configuration used when setting a cookie, a module on subdomain1.example.com may display cookies set by example.com.
None of the displayed data is stored, or sent to your server, so in theory the only way to view a users data is to view the module from their browser. If, however, there is a Cross Site Scripting (XSS) vulnerability in your site, it might be possible for an attacker to trick a user into visiting your site so that they can view the data. You shouldn't be storing anything too sensitive in cookies (they're sent in the headers of every request) or storage objects.
Some cookies are deliberately set to not be accessible by Javascript, there can be any number of reasons for this, but you should consider the worst case scenario when deciding whether Show Server Cookies should be enabled (it is, however, enabled by default as the attack vector is small). Session ID's are not usually accessible via Javascript, partially to help prevent Session Hijacking - if an XSS vulnerability is present, an attacker could scrape the page to gain the session ID. The attack would need to target your site, fool a user into viewing a malicious URL and use the session whilst it was still valid, but if you're handling anything particularly sensitive you may wish to turn Show Server Cookies off!
