Contrib.social

Accepted cookies are not deleted when consent is removed

Open on Drupal.org β†’
Created on 4 June 2021, about 3 years ago
Updated 17 November 2023, 7 months ago

Problem/Motivation

When you trigger the consent dialog and remove the consent for non-essential cookies (e.g. tracking, performance, etc), those cookies are not deleted from the browser.

See attached screenshot, cookiesjsr cookie is correctly updated (analytics is set to false), but Google Analytics cookies are not deleted:

Setup:

  • Drupal 8.9.16
  • cookiesjsr library 1.0.10
  • google_analytics 8.x-3.1
  • google_tag 8.x-1.4

Steps to reproduce

  • Install and setup modules: cookies, cookies_gtag, cookies_ga, google_analytics, google_tag
  • Load any page and accept all cookies
  • Load any page, trigger cookie consent dialog, and remove consent for tracking and performance cookies

  • Notice google_analytics and google_tag cookies are still in place

Proposed resolution

Not sure if this is an issue with the cookiesjsr library of the cookies_gtag and cookies_ga sub-modules. Not sure how to fix it either.

πŸ› Bug report
Status

Needs review

Version

1.2

Component

Code

Created by

πŸ‡ͺπŸ‡ΈSpain bmunslow

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 10 months ago β†’
    πŸ‡©πŸ‡ͺGermany Anybody Porta Westfalica

    This came up again in ✨ Hotjar and other random library cookie consent Needs work and I agree it should be implemented, at least better support that optionally.

    I wrote the following in that issue:

    I think the module already offers, what it needs to do that smart, with the JS callbacks. We just need to either add another optional callback on refusal, which deletes a list of cookies by their name or add a helper function that can be called in the existing callback... We can at least add that optionally. It has to be done in JS for the caching reasons.

    The way COOKiES works, I'd say we should implement the cookie names in the code of the submodules, instead of individual configuration (if needed we can still add another submodule which allows attaching further cookie names to services in the UI).

    So in contrast to the patches here, I think it should be code (like the library names), not configuration!

    I also thought about adding a setting per service to enable / disable the cookie deletion on reject, but I don't think it's really needed, it should just be done. It will then be the job of the submodule implementations to list the cookie names to delete on reject. If none given, none will be deleted.
    That all has to be done in the JS callbacks, as server-side won't work with caches.

    Setting the priority to major to get this up in the list of things that need to be done.

  • Comment 8 months ago β†’
    πŸ‡«πŸ‡·France hesslinger

    Hello @Anybody,

    sorry for long time without work on it issue.

    Can you Close https://git.drupalcode.org/issue/cookies-3217333 ? because started branch is outdated.

    To be sure to understand well you prefer kill cookie directly in a submodule (with settings form) ?

  • Comment 8 months ago β†’
    πŸ‡«πŸ‡·France hesslinger

    Hi, Can't make fork...

    I suggest the following patch : https://www.drupal.org/files/issues/2023-10-20/cookies-3217333-ga-gtag.p... β†’

    The cookies _ga, _ga_* and _gid should be correctly removed when consent is revoked (via the cookies_ga and cookies_gtag submodules).

  • Status changed to Needs review 8 months ago
  • Comment 8 months ago β†’
    πŸ‡«πŸ‡·France hesslinger
  • Comment 7 months ago β†’
    πŸ‡ͺπŸ‡ΈSpain UriDrupal

    After the update to Drupal10.1.6 and version Cookies 1.2.7 this patch stopped working for me. I can apply it but it does nothing when removing consent.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024