Here in the crazy land that is Europe there's a new law about to come in to effect in May which means businesses (everybody?) need to get permission from users before placing cookies on their machine.
A customer of mine has asked that I implement this on a couple of Domino websites I've built for them.
When the idea of implementing this was first mentioned to me it was one of those face-in-palms-of-hands moments. All the work you put in to make a great-looking site and then you have to do this!
I tried reading the ICO's guidelines on this to see if this was really required in a case where Analytics was dropped and cookies were then only used for logging in. But the guidelines are written (purposefully?) in such a way as to make no sense. Either way the legal department of the customer have said it needs doing, so who am I to argue.
Implementation should be straightforward enough. Accepting cookies on ICO's site places a cookie called "ICOAcceptCookies" on your PC with a life of 2 years. I'd just do something similar and then only add the Analytics code if the cookie is there.
What about authentication though? How can you truly prevent logging in to a Domino server unless a cookie exists!? I'm going to try out a few ideas and report back if you lot are interested and the ideas work.