Ooer! You're right! I mis-read it!
What are your plans for the sites you do Ruth?
I'm using the CookieCuttr jQuery plugin -
CookieCuttr - A tailorable jQuery plugin to deal with the EU Cookie Law - I've got it to just add a little box saying "Cookies?" in the top-right hand corner of the website... when you click on the link, that then takes you to a "Cookie Policy" page, which has a couple of buttons at the top of it - one to hide the message and the other to decline cookies.
I've taken the same approach as the BBC website and the BT website, which is to enable cookies by default (as lots of my clients love their Google Analytics and Wibiya toolbars - which both set cookies) - and then to warn people that if they decline cookies, then some features on the website may stop working.
I then list which are the "essential" cookies (in my case, ROUTEID, which the Apache web server uses for load balancing, JSESSIONID, which the Java web application sets, for session tracking - things like shopping carts won't work without these two cookies being set - and - ironically - the cookie which the jQuery plugin sets to say whether you have accepted or declined cookies - which sounds quite illogical - setting a cookie to say you don't want cookies). These "essential" cookies won't be disabled by clicking the "Decline Cookies" button - as the website won't work properly without them (and so you are allowed to keep setting them as per the EU regulations).
I then list which parts of the website set "non-essential" cookies - which are usually just Google Analytics and/or the Wibiya toobar - these *will* be disabled if someone declines cookies.
But having a small "Cookies?" box in the right hand corner of the browser is a lot less intrusive than what I initially tried last night (which was to display a much larger message on every page with the accept/decline buttons); I had one client email to say that they *hated* the bigger message that I had at the top of the page initially - and we can't have clients being peed off on account of silly EU regulations (as I personally think that all this cookie business *is* rather silly - but - at the same time - it makes sense to comply - in the least intrusive way possible - just to cover myself and my clients so that neither I or they get hassled by the Information Commissioner's Office - as we've actually taken steps to comply with the law - whereas countless other people probably won't have done)...