"Protected" Cookies?
89 views
Skip to first unread message
Steven Sundheim
May 16, 2018, 4:52:49 PM5/16/18
to Cookie Control Support
Hi, the documentation is confusing me on the "OptionalCookies/cookies" setting :
" This will inform the user of the different types of cookies the website may set, and protect any given type from being deleted should the user have consented to their use."
and:
"The name of the cookies that you wish to protect after a user opts in."
Why would a cookie be deleted or need "protection" when the user grants consent? I just don't understand what this setting is for.
Thanks!
Colin Wiseman
Jan 23, 2020, 3:15:28 AM1/23/20
to Cookie Control Support
I have to add my confusion to this part of the documentation as well.
Please can someone clarify what this setting is for?
Gerasimos Tzoganis
Jan 23, 2020, 4:27:33 AM1/23/20
to Cookie Control Support
Hello,
Cookie Control by default will delete all cookies when it runs after a page load, apart from those that you have marked in your configuration as "necessary", using the necessaryCookies property, or the optional ones to which the user has consented. So these cookies will be the ones that will be "protected" from getting deleted on every page load.
Cookie Control by default will delete all cookies when it runs after a page load, apart from those that you have marked in your configuration as "necessary", using the necessaryCookies property, or the optional ones to which the user has consented. So these cookies will be the ones that will be "protected" from getting deleted on every page load.
If you don't populate the cookies array inside an optionalCookies category, Cookie Control has no way to know which cookies it shouldn't delete when consent is given. For example, imagine you have a "analytics" cookie category but you have not specified any cookie names for it and the user consents to analytics cookies. When the user consents, your analytics scripts will run and set a cookie to remember the user on subsequent visits.
So when the user visits another page of your website, Cookie Control will see this category is accepted, but won't know which cookies it shouldn't delete, so it will also delete the cookie that your analytics plugins set before. Your analytics plugins will then run again and set new cookies, so the same user will appear as a new one when you review your website's stats. Generally speaking deleting cookies like this on every page load can lead to various unexpected problems.
I hope this clarifies things.
Kind regards,
Gerasimos
Colin Wiseman
Jan 23, 2020, 5:32:50 AM1/23/20
to Cookie Control Support
Thank you! The description isn't the clearest (imho) and my testing was showing that the cookies weren't being deleted, but I now realise they were being deleted but recreated at the same time so they looked like they weren't being deleted.
The description in the documentation says:
"The name of the cookies that you wish to protect after a user opts in."
would be better written as (if I could be so bold...)
"Cookie Control doesn't delete any necessary cookies you've set, but you need to tell Cookie Control which other cookies not to delete on subsequent page and/or site visits as we try to delete all undefined cookies every page load."
Mildly verbose probably, and now I know what that setting does, it does make sense. But I read through the documentation again (and may have missed it again) but it isn't 100% obvious that you try to delete as many cookies as possible on every page visit. I knew it deleted cookies when you revoked permission, but I didn't realise it deleted cookies when it loads first time and on subsequent page visits. I just thought it worked on onAccept and onRevoke, but as I now know it does more tidying up than I thought.
"Cookie Control doesn't delete any necessary cookies you've set, but you need to tell Cookie Control which other cookies not to delete on subsequent page and/or site visits as we try to delete all undefined cookies every page load."
Mildly verbose probably, and now I know what that setting does, it does make sense. But I read through the documentation again (and may have missed it again) but it isn't 100% obvious that you try to delete as many cookies as possible on every page visit. I knew it deleted cookies when you revoked permission, but I didn't realise it deleted cookies when it loads first time and on subsequent page visits. I just thought it worked on onAccept and onRevoke, but as I now know it does more tidying up than I thought.
Reply all
Reply to author
Forward
0 new messages