Help would be appreciated for a simple configuration

Created on 8 March 2023, almost 2 years ago
Updated 27 October 2023, about 1 year ago

I defined two categories, one for "technical" cookies and another one for all the other cookies.
"All the other cookies" I expect may come from the usage of Google Analytics and from the inclusion of an iframe containing a Facebook feed.

Going by what I could understand in the first category there are php sessions cookies and cookies generated by the EU Cookie Compliance module.
I checked the option "Enable cookie(s) automatic-removal when consent isn't given" and I did not specify any exception in the Allowed cookies textarea.
Is all that enough to discard all cookies not belonging to the first category?

Besides, how can I verify the desired behavior? So far I inspected in the "Storage" tab of Mozilla Firefox and noticed three cookies probably related to Google Analytics appear and then disappear in about one or two seconds. I see no cookies in the section related to the facebook.com domain. In the section related to the website instead I see the expected "technical" cookies. Is this enough to conclude I am getting what I wanted?


The main reason why I'm skeptical is that the behavior I described above does not change at all if I uncheck the option "Enable cookie(s) automatic-removal when consent isn't given", so what should I think?

Thanks in advance!

Andrea

💬 Support request
Status

Postponed: needs info

Version

1.24

Component

Miscellaneous

Created by

🇮🇹Italy AppLEaDaY

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @AppLEaDaY
  • 🇮🇳India Mahima_Mathur23

    Hi AppLEaDaY,

    As to your first question,
    Is all that enough to discard all cookies not belonging to the first category?

    Yes, As you might also remember that while creating the categories there were 3 options: "Unchecked by default", "Checked by default" and "Checked and Disabled". So, probably you have selected unchecked by default for the ones that are not under Technical category which does not create them by default.

    Secondly, the "Enable cookie(s) automatic-removal when consent isn't given" removes cookies that gets created but for which consent isn't given. These basically include 3rd party cookies over which this module has no control like in your case are the Google Analytics cookies. To make sure that your Google Analytics cookies are not created only, you will have to make some changes in the Google Analytics dashboard. Trying adding a condition of the cookie category before triggering the making of the cookies. This is how I handled in GTM. Probably there is a way to do the same in GA. You can connect with the GA team as well for this.

    And regarding testing this, I do suggest go through all the browsers: Safari, Chrome, Firefox, etc because different behaviours might be seen.
    You can see in the Storage tab, yes. You can also go to your browser's setting and see the cookies from there that are being created.

    I hope this helps you!
    Mahima

  • 🇮🇹Italy AppLEaDaY

    Hi, Mahima.

    As for you initial supposition (initial options for the user), I chose I set as initially checked the option of accepting not essential cookies, anyway when I perform a test I'm free to uncheck that option and save preferences, so I don't see how that setting could affect the operation of the module, as far as refusing not essential cookies is concerned.

    As for the option Enable cookie(s) automatic-removal when consent isn't given, going by what you just wrote, I may not care whether the second category of cookies are created, since they are not stored. Why, then, should I try to search on the Google Analytics interface something that would avoid Google Analytics being created? Of course, it looks like a "cleaner" solution, but may I do without this option, especially if I get lost in the Google Analytics interface?

    A few moments ago I tried with Google Chrome, but I noticed about the same behavior as with Mozilla Firefox, that is behavior stays about the same both with and without the consent of the not essential cookies, so I wonder what is it working or what is it not.

    Essentially all cookies are initially set, but non essential cookies are not stored. At least I deduce this since if click on the "Cookies" icon and then on the "sub-icon" related to the domain for the second time, then non essential cookies are not there anymore. And this happens also if consent is given.

    I attach some pictures showing what cookies I see after the page is loaded and after I re-inspect the cookie for the domain. I blurred the UA code.

    The domain I'm using is not the definitve one, I'm in a sort of a staging environment, but... I could this ever affect the behavior, after all?

    Thanks in advance!

    Andrea

  • 🇳🇴Norway svenryen

    Thanks for writing in, @AppLEaDaY and for your concerns about configuration.

    Would you mind sharing a URL so that we can inspect what you're seeing? It's a bit difficult to answer since there's probably a combination of first part and third part cookies involved.

    To debunk a few statements from @Mahima_Mathur23:

    Is all that enough to discard all cookies not belonging to the first category? Yes, As you might also remember...

    Actually, if you don't enter any cookies in COOKIE HANDLING, all cookies will be unset by the module. You will need to enter line by line each cookie name together with the name of the associated category. You may or may not need to set up something using javascript or in the Google Analytics dashboard. I've only gone for the javascript route, and haven't explored the dashboard. It would be great if @Mahima_Mathur23 could provide further guidance on where in the dashboard you can set up a connection and auto-removal.

    And regarding testing this, I do suggest go through all the browsers: Safari, Chrome, Firefox, etc because different behaviours might be seen.

    As cross-browser testing is sometimes required for JS and CSS issues, rest assured that we have already tested the module with all major browsers, so testing the features of the module should be required in only one browser. The others browers will work if you see desired behavior in one browser.

    I hope this clears things up. If your site isn't online with the feature, please set up a staging site and then send me the login details using the Contact feature on my profile which you can access through my avatar, and I'll take a quick look at what can be done.

    You need at a minimum configuration set up for the module and sometimes some javascript to complete a well functioning handling of cookies. In rare cases you need php code, and if you need php code you also need to factor in caching strategies.

    Hope this clears up a few things and I'd be happy to reach out a hand if you provide more information.

  • Status changed to Postponed: needs info about 1 year ago
  • 🇮🇹Italy AppLEaDaY

    Thanks for caring about my issue, @svenryen!

    Actually, if you don't enter any cookies in COOKIE HANDLING, all cookies will be unset by the module. You will need to enter line by line each cookie name together with the name of the associated category.

    Below the Allowed cookies textarea I read the following caption.
    When using the opt-in or opt-out consent options, this module will delete cookies from your domain that are not allowed every few seconds when consent isn't given.
    When consent isn't given makes me think that acceptance or rejection of a cookie is determined anyway from the choice by the user, so I don't see why I should mention it in that Allowed cookies textarea.
    Cookies from your domain seems to support what @Mahima_Mathur23 asserted, that is the module has no control over third party cookies. So who is supposed to remove the cookies related to Google Analytics? Still I saw those cookies disappear...
    In the mentioned textarea I mentioned just cookies_agreement-categories, cookies_agreement-version and cookies_agreement, but I suspect this may be useless, since I read PHP session cookies and the cookie for this module are always allowed.

    You may or may not need to set up something using javascript

    sometimes some javascript to complete a well functioning handling of cookies

    Is this possible practice documented somewhere? I'm still wondering what you meant with I've only gone for the javascript route, though I suspect that might be related just to some Google Analytics mechanism...

    As for the living environment to inspect for you, I have to say momentarily I'm not up to date with Google Analytics service, that is I was using the Google Analytics Drupal module, but I read now that project has been marked as Obsolete and Use of this project is deprecated. Probably this module was bound to the legacy GA service that has been shut down?
    When I asked for help months ago I had still the Google Analytics service in mind for the website I was dealing with, but eventually I disabled the module and I'm afraid now enabling it back and configuring it with the code of the case won't be enough to give you the environment you need, will it? I'm willing to take advantage of your kind helping hand, since I desire to figure out how to properly use the EU Cookie Compliance module, but I'm momentarily unprepared. What do you expect to find? A whatever drupal instance with some module that can deal with Google Analytics 4 and a property configured? I still don't know what this module could be. I'm sorry, I have to catch up.

    Many many thanks!

    Andrea

Production build 0.71.5 2024