It's always a good idea to respect the privacy of the visitors of your website. This is particularly important where respective reglementations are governed by law.
According to the EU cookie law websites are not allowed anymore to store arbitrary information about visitors without explicitely informing them or even asking for their agreement.
Disambiguation of “session cookie”: this wording is used for two quite different things. On one hand it could refer to any cookie that expires after the session is closed (i.e. when the browser is closed). On the other hand it could mean a cookie that is set to identify a user's PHP session (which can store arbitrary data related to a particular user).
The expiration of cookie: the expiration time of a cookie can be set arbitrarily when the cookie is set by a website. It's either specified as a timestamp (i.e. an exactly specified date und time) or as 0. The latter means, that the cookie expires when the browser is closed. The cookies that store a PHP session ID will typically expire when the browser is closed, but this depends on the PHP ini setting session.cookie_lifetime. As the regulations regarding cookies might depend on the cookie expiration time, you should check this setting on your server.
Legend:
blue: not yet checked
green: the plugin doesn't set any cookies for visitors without explicit agreement.
yellow: the plugin sets cookies (or uses a session), which might have to be announced to the visitor.
red: the plugin probably requires the visitor to opt in to the use of cookies before it can be used.
Please note that the colors should only give a quick overview, but there definitely not hard rules, as the legislation in your country might be totally different, and the wiki authors are no lawyers.
The following list should shed some light on which information is stored by CMSimple plugins by setting cookies, but is supplied without any liability.
Advancedform_XH (1beta12): the built in CAPTCHA stores the CAPTCHA code in the
PHP session.
Ajaxfilemanager_XH (1beta5): stores various information in the
PHP session, but only in admin mode
Boilerplate_XH (1beta1): -
Chat_XH (1beta1): stores the current chat room in the session (additionally accesses Register resp. memberpages user names in the
PHP session)
Coco_XH (1rc1): -
Codeeditor_XH (1beta4): stores the name of the filebrowser callback function in the session
Cryptographp_XH (1beta3): stores various information about the CAPTCHA (code, time, expiration, unique ID, language) in the
PHP session
Dlcounter_XH (1alpha1): -
Forum_XH (1beta1): (accesses Register resp. Memberpages user name in the
PHP session)
Handheld_XH (1beta4): set a cookie to force full/mobile view (expires at end of session).
Imagescroller_XH (1beta1): -
Ipban_XH (1beta2): sets cookies to track user preferences for the grid in the admin mode
Minicounter_XH (1beta1): stores information about the current visitor in the
PHP session (already counted, visitor number)
Pagemanager_XH (1pl8): -
Pdeditor_XH (1beta1): -
Poll_XH (1beta2): sets a permanent (for the duration of the poll) cookie, that tracks that the user has voted (but not what he voted for)
Privacy_XH (1beta1): sets a (permanent) cookie that user has agreed
Recaptcha_XH (1beta1): TODO: check, if RECAPTCHA itself sets cookies
Register_XH (1.4rc5): stores complete user information in the
PHP session; sets permanent cookies if user checks REMEMBER USER
Restore_XH (1beta1): -
Roundabout_XH (1beta1): -
Sitemapper_XH (1pl1): -
Socialshareprivacy_XH (1beta1): sets a permanent cookie if visitor has opted in
Tetris_XH (1rc1): stores datafolder and timestamp in the
PHP session
Translator_XH (1beta4): -
Uploader_XH (1alpha7): stores various settings in the
PHP session
Utf8_XH (0.5.2): -
Utf8migrator_XH (1beta2): -
Video_XH (1beta4): -
Webcamviewer_XH (1beta1): -
Yanp_XH (1pl3): -