Skip to content

Serendipity Core

Serendipity uses a so-called "Session cookie" for both frontend and backend. A visitor will receive a cookie with a unique ID, which is used on the server to store temporary session user data (i.e. login validity, user preferences). This cookie is mandatory for logging in to the backend, but optional for the frontend. Certain plugins can use the session cookie to store additional temporary data.

The following data can be stored by the Serendipity application on the server (temporarily, invalidated after the server-configured timeout, usually in the range of hours):

  • HTTP browser referer when entering the blog
  • Indicator if Smarty templating is used
  • Possible content of a generated captcha image
  • The configured frontend theme

The following data is stored in cookies:

  • PHP session ID
  • Display language
  • After commenting: Last name, E-Mail, URL, state of "Remember comments" (if enabled)

The IP addresses of users are utilized at these places:

  • Stored in database when referrer tracking is enabled (Statistics)
  • Stored for comments of a visitor and displayed within the E-Mail that is sent to moderators
  • Stored in logfile (if enabled) of the antispam plugin (shortened IP)
  • Temporary Read-only access for checking referrers, logins, IP flooding

User input from visitors (not editors):

  • Comments (all comment metadata, stored in database)
  • Referring URL when entering the blog (if referrer tracking is enabled, in database)

Additionally, the following plugins are currently enabled:

oEmbed Plugin

Web services / Third Party

  • oEmbed: oEmbed providers will receive visitor metadata (IP, User Agent, etc) when embedded content is loaded

Frontend

  • oEmbed providers will receive visitor metadata (IP, User Agent, etc) when embedded content is loaded

Cookies

  • oEmbed providers might set cookies for tracking purposes of embedded content

Attributes

  • Does not store user data
  • Does not store IP data
  • Operates on IP data (read-access, also when passing through metadata)
  • Transmits user input to services / third parties (not necessarily stored)

Spamblock / Anti-Spam

Frontend

  • Anti-Spam measurements when entering comments
  • All user data and metadata (IP address, User-Agent, HTTP Referer, Author name and mail, comment fields) can be logged to database or file

Attributes

  • Stores user data (like names, text, preferences) to a database, file or other storage (mail)
  • Stores IP data (written to storage)
  • Operates on IP data (read-access, also when passing through metadata)
  • Does not transmit user input to services / third parties

Cookies

  • When Captchas are enabled, the displayed graphic key is stored in the session data and uses a PHP session cookie.

Statistics

Frontend

  • Saves user visitor data to the local database (visitors) for statistical analysis. Tracks IP, User Agent, HTTP Referer

Attributes

  • Stores user data (like names, text, preferences) to a database, file or other storage (mail)
  • Stores IP data (written to storage)
  • Operates on IP data (read-access, also when passing through metadata)
  • Does not transmit user input to services / third parties