Are GDPR plugin’s own cookies required?

  • Resolved Ate Up With Motor

    (@ate-up-with-motor)


    6 years, 6 months ago

    I have upgraded to the current version of the plugin (2.0.2) and set up the banner and cookie settings. However, the behavior of the plugin’s own cookies doesn’t obey the settings.

    I have registered a category for cookies called Privacy and Cookie Preferences, containing the following cookies used by the GDPR plugin. They are set to on.

    gdpr[consent_types], gdpr[allowed_cookies], gdpr[privacy_bar]

    If I clear all cookies and navigate to my web page, the consent banner comes up. Even before I’ve clicked anything or taken any actions, the plugin places the gdpr[consent_types] and gdpr[allowed_cookies] cookies. If I click “I agree,” it also places the privacy bar cookie (which for some reason Firefox displays as gdpr%5Bprivacy_bar%5D).

    If I then go to the Privacy Preferences management menu, it allows me to disallow the gdpr cookies. However, they aren’t deleted and disallowing them has no apparent effect.

    It seems like the way the plugin should handle this is to not place its cookies until after the user has taken action on the banner. If they don’t click okay, the banner doesn’t disappear, but no gdpr cookies are set. If they disallow the cookies, it seems like the plugin cookies should be deleted (which will presumably make the banner reappear).

    Am I doing something wrong or is this just how the plugin works? I recognize that without cookies, there’s no way to save preferences for anonymous visitors, but it seems like it should be the user’s choice, no?

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Anthony Moore

    (@amooreto)

    Hi @ate-up-with-motor,

    The correct cookie name is gdpr.

    This will take into consideration gdpr[consent_types], gdpr[allowed_cookies], gdpr[privacy_bar] as well.

    I would also put this under a “Strictly Necessary” category, as we need to be able to track which cookies a user has agreed to.

    Plugin Author Fernando Claussen

    (@fclaussen)

    The plugin cookies are required.
    Those are used to track allowed cookies and given consents for both logged in users and visitors.

    They do not track any personal data. Only these preferences.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I figured that, but wouldn’t it make sense for the plugin to place those cookies AFTER the user clicks “I agree” rather than when a new visitor first arrives?

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    (That way, the cookies would reflect the user’s specific choices if they fine-tune them before clicking “I agree.”)

    Plugin Author Fernando Claussen

    (@fclaussen)

    Required cookies can be set without consent.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Understood, but if the cookies are set before the visitor saves their consent settings, are the cookies reset or changed once they do?

    Plugin Author Fernando Claussen

    (@fclaussen)

    Our cookies are updated when the user update their preferences. Yes.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Are GDPR plugin’s own cookies required?’ is closed to new replies.