Make cookies opt-in?
-
And actually I'm not entirely sure, but I think cookies that are needed for the service to work (like the session cookie that would cause some problems when disabled by an anonymous user and make logging in impossible) don't actually need to be opt-in.
Still - it would be nice to have a uniform cookie opt-in banner that could be expanded in plugins. Even if you couldn't opt out of the session cookie due to the way NodeBB works. Because plugins that add analytics, or even some social media buttons might need that kind of a banner.
-
@0xA4B16 @Jey-Cee-0 Ah, I see what you mean -- and in that case, while we can add in a system that checks for cookie consent (saved via local storage, or ironically, maybe in a cookie), it is ultimately up to the plugin author to actually be compliant.
We can and should enforce the session cookie (even if it is not required, as @oplik0 mentions), but plugin compliance is harder (if not impossible) to guarantee in the cookie banner.
-
@julian said in Make cookies opt-in?:
Yes, there is unfortunately an issue with our cookie banner, in that it is only informational, and does not actually allow you to actively reject use of cookies.
They can leave the page. Using the site after knowing it has cookies is definitely opting in.
-
@scottalanmiller I agree, but I don't want to find out what would happen were it to be challenged in a court of law
-
@julian said in Make cookies opt-in?:
@scottalanmiller I agree, but I don't want to find out what would happen were it to be challenged in a court of law
True, but the court case in question is about a pre-checked cookie box (implicit acceptance) rather than an explicit acceptance. Different than what is being discussed here.
-
@Daniel-Furth Yes and no. The cookie consent banner is still purely informational, but we no longer store cookies for anonymous users except for one case:
If an anonymous user stumbles onto a restricted page (e.g. /unread), they will be redirected to the login page. This saves their previous page so we can redirect them back to that page when they complete a login.