Joomla Core Capabilities
- All requests to a Joomla website start a session which stores the IP address in the session data and creates a session cookie in the user's browser. The IP address is used as a security measure to help protect against potential session hijacking attacks and this information is deleted once the session has expired and its data purged. The session cookie's name is based on a randomly generated hash and therefore does not have a constant identifier. The session cookie is destroyed once the session has expired or the user has exited their browser.
- Joomla's logging system records the IP address of the visitor which led to a message being written to its log files. These log files are used to record various activity on a Joomla site, including information related to core updates, invalid login attempts, unhandled errors, and development information such as the use of deprecated APIs. The format of these log files may be customised by any extension which configures a logger, therefore you are encouraged to download and review the log files for your website which may be found at `logs`.
- When a network connection is available, a Joomla installation will attempt to communicate with the joomla.org servers for various capabilities, to include:
- Checking for updates for the Joomla application
- Help screens for core Joomla extensions
- The Install from Web service (opt-in)
- The statistics collection server (opt-in)
Authentication - Cookie
- In conjunction with a plugin which supports a "Remember Me" feature, such as the "System - Remember Me" plugin, this plugin creates a cookie on the user's client if a "Remember Me" checkbox is selected when logging into the website. This cookie can be identified with the prefix `joomla_remember_me` and is used to automatically log users into the website when they visit and are not already logged in.
CAPTCHA - reCAPTCHA
- The reCAPTCHA plugin integrates with Google's reCAPTCHA system as a spam protection service. As part of this service, the IP address of the user answering the captcha challenge is transmitted to Google.
- In order to process information requests, information about the user must be collected and logged for the purposes of retaining an audit log. The request system is based on an individual's email address which will be used to link the request to an existing site user if able.
System - Language Filter
- On a site which supports multiple languages, this plugin can be configured to set a cookie on the user's browser which remembers their language preference. This cookie is used to redirect users to their preferred language when visiting the site and creating a new session. The cookie's name is based on a randomly generated hash and therefore does not have a constant identifier.
- This websites uses Shinystat third party service to collect incoming user connections. These information are anonymous and ip collected are hidden. only information about generic geographical positions and device / os used are collected (ex. Italy, WIndows pc).