What about Cookie Banner Settings?

Current caching strategies lead to unlawful behaviour in the following case:

purge all cloudflare caches
user #1 requests page 1; page 1 shows cookie banner; page 1 is cached
user #1 gives cookie consent; cookie is set
user #1 requests page 2; page 2 does NOT show cookie banner, because of the consent-cookie; page 2 IS CACHED WITHOUT COOKIE BANNER
user #2 requests page 2; page 2 does NOT show cookie banner; the CACHED version of page 2 got delivered; the CACHED version depends on consent which user #2 had never given

This is what I read about another Cloudflare workers edge cache HTML implementation.

Hi @ericsiegert,
So, if user one goes to page 1 accept the cookie consent and then goes to page 2 the cookie content won’t be shown as the person has already accepted it.

Now if the same person opens up an incognito window (fresh) and access the page 1, does the cookie banner shows up? Can you check quickly and let me know?

Unfortunately I couldn’t get it up running fine at the moment, I had cached versions of the site that broke the layout. Those pages didn’t show a cookie notice, too, but they should! Not sure what was happening there. I need more time to test it.

Hi @ericsiegert,
If you have performed the above test and even in incognito window the consent message doesn’t show up then its happening due to the cache. This is why we have implemented the cookie consent banner on our site differently. You see though most cookie consent third part widget codes use a cookie to remember that the user accepted the consent, we think it is a very dumb way to implement it as will always have implications with the cache.

There is also no need for remembering the user said YES by using cache. The way we do it is when a user clicks on the Accept Cookie or the Agree button instead of adding another cookie to remember it, we simply use browser’s local storage to add value to remember the user has agreed to cookies.

Blower’s local storage is a persistent storage system and doesn’t get erased when the browser gets closed. So, when a person clicks the Accept button, our javascript code cached that click even and add a message to local storage.

So, next time when the user visit the website or any other page, we check if the local storage exists for the cookie consent and if it does, doesn’t show the message else we do.

This approach plays very nicely with any caching mechanism as it doesn’t rely on cookies. Not sure if this is helpful or not, but if you follow a similar approach, you can easily get past this issue.

Hi @isaumya I am using the GDPR cookie compliance plugin by Moove and I am having the same issues…if user rejects third party cookies, the analytics code keeps running because the website serves a cached version. What is the solution you are suggesting using Js instead of a cookie ? How can I implement it ? is there a plugin or code snippets I can use ?

Hi @cekaraz,
First of all, this issue is not related to the plugin but simply how caching works. If you are using JS-based approach and storing the user selecting in the localStorage, then you can check if the respective value exists in the localStorage and if not simply remove the HTML elements of analytics from the code.

Hi Saumya of course I know this is not related to the plugin itself but it’s in the nature of caching. I’m not a developer but I do understand the logic of the solution you are suggesting….but how am I supposed to implement this practically ? My question is if you can recommend a GDPR plugin or a code snippet that I can adapt to do just that ?

Thanks!

Hi @cekaraz,
Unfortunately, I personally do not use any GDPR cookie consent plugin on any of our projects mainly because I do not like the code of any one of them (not just plugins but also third party websites). The reason behind all of them uses the same technique of using cookie to remember the choice and do stuff which doesn’t work well with caching (if you are caching HTML), so we write our custom code to create the cookie consent.