Restricting Age Gate if user disallows the specific cookies

This is where things do get complicated!

As you rightly say, essential cookies are permissible under GDPR. If there is a requirement to check a users age, then you would have to say the age gate cookie is essential.

But let’s look at it in detail should you want to block stuff and what the workflow would be.

From an Age Gate perspective, it’s impractical to bake that stuff in to the plugin (though a bit more on that in a minute as there are workarounds in the pipeline)

The way I have done consent (and example over on https://agegate.io) is to defer and JS loading until I have consent. That way if the agree everything is fired then, otherwise not. Not sure if the one you mention here would need a page refresh before the cookies kick in.

Now, to do these things with age gate there’s going to need to be two things happen, as we want to show it, but tell them they need the cookie. In this case my deferring method wouldn’t work as the JS wouldn’t trigger the age gate. (I said this would be complicated!)

So firstly we need to show a message if the cookie is not allowed, that’s easy enough with a nit of JavaScript:

// This should sit outside a document ready call
jQuery(document).on('agegateshown', function(){
  if ( ! is_allowed_cookie( 'age_gate' ) ) {
    jQuery('.age-gate-form').prepend('<div class="age-gate-error" style="display: block;"><p class="age-gate-error-message">You must allow the age verification cookies to verify your age</p></div>');
  }
});

The next thing that’s required is to stop Age Gate setting a cookie if it’s not allowed. A big caveat is that this is currently not possible. However, I’m going to work on that today if I can.

Again, this is a little complicated, but age gate will support a similar hook system to WordPress in the javascript. This example is in no way going to be 100% final, but I’ll update it when it is (if it’s different).

There will be two things we need, the global ageGateHooks and a filter called age_gate_set_cookie.

The code for this will look a little bit like this:

function cookieAllowed(){
  return is_allowed_cookie( 'age_gate' );
}

if(typeof ageGateHooks !== 'undefined'){
  ageGateHooks.addFilter('age_gate_set_cookie', 'testApp', cookieAllowed);
}

Like I say some of this I need to build, but I have started it, just got to get it finished, and make sure it’s available in both versions. And make sure it’s the correct route (as I write this my brain has thought of potentially simpler ways!)

A final note on this is that in JavaScript mode, the ability to set the cookie won’t actually stop someone from passing the age gate a seeing the content. It’ll just reshow on every page.

Let me go away and look into the cookie prevention scripts. It’s definitely something that should be in there really so I’ll look to get it out as soon as possible.

Cheers
Phil

What I’ve done for the time being is saying specifically in the messaging:

Verifying your age will place a cookie on your device to confirm whether you’re old enough to access restricted content. If you aren’t old enough, the system will place a cookie preventing you from trying to access age-restricted content again on this website. Age verification won’t work without cookies.

As a compliance measure, that seems reasonable, since even if the essentialness of the cookie is arguable, it isn’t placed until the user takes a specific action, and they’re being clearly told that doing so will place a cookie. (I added a similar message to the WordPress comment cookie checkbox, for the same reason.) It’s wordy, but it’s not ambiguous.

More broadly, this does seem like a functionality that cookie-placing plugins will need to start considering, just like the possibility of visitors setting their browsers to refuse cookies. And, just to make things really fussy and complicated, it doesn’t seem like there’s yet any consistency in how different plugins and solutions handle consent management. (Not being a developer, I sure wish it didn’t require so much technical knowledge to implement!)

Thanks for giving it some thought. This is not my area of expertise and the best I can usually manage is to sort of grasp the general outlines of the issue.

Hi @ate-up-with-motor,

Sorry for a bit of a delay getting back to you on this.

In 2.3.0 there’ a filter (it was in previous versions, but only for standard PHP mode) called age_gate_set_cookie that will allow you to not set a cookie if they haven’t been accepted.

So basing off the GDPR plugin we talked about previously, you can do it with the following PHP in your functions

add_filter('age_gate_set_cookie', function($set_cookie){
  return is_allowed_cookie( 'age_gate' );
});

This is also available via JS if needed like above, but PHP may well be simpler to get working as it’s just one function.

Thanks
Phil

That’s excellent, but I wonder if with caching, it would need to be via JavaScript so that it doesn’t get defeated by the cached page. I still haven’t gotten Age Gate to work in JavaScript mode even without that, and I’m not sure how to integrate the above solution with it.

Hi @ate-up-with-motor,

Caching shouldn’t be an issue as this is handled server side via the ajax request and returned in the JSON response to the browser.

As for the JS implementation, do you have a site somewhere public I could see to try and find the issue?

Cheers
Phil

Yup — the first post at aaronseverson.com is set to be gated, but the gate doesn’t appear. I have it set to Use JavaScript Age Gate, Admin Ajax, use anonymous Age Gate.

(Thanks for your help, by the way, I really appreciate it!)

Hmm, any chance you could create me a login? Can just be an editor or something low and use the email [email protected], would be good to see the page settings

Thanks
Phil

I can’t do that right now, but opening that post shows the settings:

Age Gate Options:
Restricted to 18
Age Gate This Content (checked)

Status: Published
Visibility: Public
Format: Standard
Categories: Uncategorized

Ok no worries, let me have a check on some of mine and make sure things are working right.

I think I might have worked out the issue you’re having.

Do you have “Posts will inherit their taxonomies restriction settings” checked?

If so, you need to restrict the category and in the Advanced settings check that categories should inherit.

An individual post should probably override it’s parent to be honest so that’s a fix to add to the list!

Thanks
Phil

Hmm. I did — I had it set to inherit the restriction of the category. I unchecked that option now, cleared the cache, and tried again, but the Age Gate still doesn’t come up at all for the test post.

Separate question: With the function above, what behavior will result if the user does NOT have the cookies permitted? Will it return the No cookies message or do something else? (It would make sense to return a warning so that if the user wants to allow the cookies and try again they can change the permissions.)