Skip to content

Serendipity Core

Serendipity uses a so-called "Session cookie" for both frontend and backend. A visitor will receive a cookie with a unique ID, which is used on the server to store temporary session user data (i.e. login validity, user preferences). This cookie is mandatory for logging in to the backend, but optional for the frontend. Certain plugins can use the session cookie to store additional temporary data.

The following data can be stored by the Serendipity application on the server (temporarily, invalidated after the server-configured timeout, usually in the range of hours):

  • HTTP browser referer when entering the blog
  • Indicator if Smarty templating is used
  • Possible content of a generated captcha image
  • The configured frontend theme

The following data is stored in cookies:

  • PHP session ID
  • Display language
  • After commenting: Last name, E-Mail, URL, state of "Remember comments" (if enabled)

The IP addresses of users are utilized at these places:

  • Stored in database when referrer tracking is enabled (Statistics)
  • Stored for comments of a visitor and displayed within the E-Mail that is sent to moderators
  • Stored in logfile (if enabled) of the antispam plugin (shortened IP)
  • Temporary Read-only access for checking referrers, logins, IP flooding

User input from visitors (not editors):

  • Comments (all comment metadata, stored in database)
  • Referring URL when entering the blog (if referrer tracking is enabled, in database)

Additionally, the following plugins are currently enabled:

oEmbed Plugin

Web services / Third Party

  • oEmbed: oEmbed providers will receive visitor metadata (IP, User Agent, etc) when embedded content is loaded

Frontend

  • oEmbed providers will receive visitor metadata (IP, User Agent, etc) when embedded content is loaded

Cookies

  • oEmbed providers might set cookies for tracking purposes of embedded content

Statistics

Frontend

  • Saves user visitor data to the local database (visitors) for statistical analysis. Tracks IP, User Agent, HTTP Referer

Attributes

  • Stores user data (like names, text, preferences) to a database, file or other storage (mail)
  • Stores IP data (written to storage)
  • Operates on IP data (read-access, also when passing through metadata)
  • Does not transmit user input to services / third parties

Syndication

Web services / Third Party

  • subtome: Enables visitors to easily subscribe to RSS feeds. The visitor loads a JavaScript from their servers, thus the IP address will be known to the service.

Frontend

  • To allow easy subscription to feeds and optional tracking statistics, the subtome services can be used.

Attributes

  • Does not store user data (or not specified)
  • Does not store IP data (or not specified)
  • Operates on IP data (read-access, also when passing through metadata)
  • Transmits user input to services / third parties (not necessarily stored)