Make cookies opt-in?



  • Hi there,

    due to a new judgement of the European Court of Justice the visitor has to opt-in for cookies.

    So we are looking for a possibility to ask the visitors for their OK before the forum set it. And if they say No we have to respect this and do net set a cookie. Law says a No isn`t a reason to block the access to the site.

    I know the 'We are using Cookies' section but could not find a setting for opt-in.
    Has anyone hints to this topic?

    Greets
    Jey Cee


  • GNU/Linux Admin

    Yes, there is unfortunately an issue with our cookie banner, in that it is only informational, and does not actually allow you to actively reject use of cookies.

    For all intents and purposes, we are talking about the NodeBB session cookie. We do not save any other kind of cookie.

    The moment you land on the site, actually, you get a session cookie, whether or not you accept the cookie banner is irrelevant. We really ought to change this so it actually grants a choice, but it is not a light undertaking, since we would have to rewrite parts of the software that handle session data (if consent is not given).


  • Gamers

    And actually I'm not entirely sure, but I think cookies that are needed for the service to work (like session cookie that would cause some problems when disabled by an anonymous user and make logging in impossible) don't actually need to be opt-in.
    Still - it would be nice to have a uniform cookie opt-in banner that could be expanded in plugins. Even if you couldn't opt-out of session cookie due to the way NodeBB works. Because plugins that add analytics, or even some social media buttons might need that kind of a banner.


  • GNU/Linux Admin

    @oplik0 -- @baris actually did do the bulk of the work to get us to the point where we can have session-less/cookie-less browsing for anonymous users. Still, it's not dead simple, but is at least doable 😄



  • @julian Thank you for your answer and the work. I think its the best way to make it cookie less possible.
    One last question: Can you block also cookies from 3rd party plugins, like google analytics?


  • GNU/Linux Admin

    No, we don't control those. If you don't install the GA plugin, there won't be a GA cookie (at least, not on that particular domain)



  • So we need someone to also work on a delay system for Google and Alexa cookies, which checks for the NodeBB status if customer has accepted or denied them.


  • GNU/Linux Admin

    @0xA4B16 @Jey-Cee-0 Ah, I see what you mean -- and in that case, while we can add in a system that checks for cookie consent (saved via local storage, or ironically, maybe in a cookie), it is ultimately up to the plugin author to actually be compliant.

    We can and should enforce the session cookie (even if it is not required, as @oplik0 mentions), but plugin compliance is harder (if not impossible) to guarantee in the cookie banner.


  • Community Rep

    @julian said in Make cookies opt-in?:

    Yes, there is unfortunately an issue with our cookie banner, in that it is only informational, and does not actually allow you to actively reject use of cookies.

    They can leave the page. Using the site after knowing it has cookies is definitely opting in.


  • GNU/Linux Admin

    @scottalanmiller I agree, but I don't want to find out what would happen were it to be challenged in a court of law 😁


  • Community Rep

    @julian said in Make cookies opt-in?:

    @scottalanmiller I agree, but I don't want to find out what would happen were it to be challenged in a court of law 😁

    True, but the court case in question is about a pre-checked cookie box (implicit acceptance) rather than an explicit acceptance. Different than what is being discussed here.


Log in to reply
 

Suggested Topics

  • 5
  • 1
  • 2
  • 9
  • 2
| |