I can confirm this is still happening in version 3.13.5.
_paq.push([‘requireConsent’]); has no effect and _pk_id and _pk_ses cookies are being set without calling setConsentGiven.

Maybe there is another way to make sure Matomo tracking code is loaded only after consent is given? For instance, I tried to add the tracking code dynamically using JS, instead of hard-coding it into the HTML; but tracking wouldn't work this way for some reason..

See also #13056 and #15948

Any chance to get this fixed... after 2 years? With this matomo isn't really GDPR ready

Maybe there is another way to make sure Matomo tracking code is loaded only after consent is given? For instance, I tried to add the tracking code dynamically using JS, instead of hard-coding it into the HTML; but tracking wouldn't work this way for some reason..

I tried an external consent Wordpress plugin called "GDPR Cookie Consence". This is placing the matomo code first if the user set the opt-in. No cookies will be set. After rejecting the opt-in the cookies will be deleted... Great, but... if the user set's the opt-in the matomo code will be placed and the cookis set. This is I think through a page reload. At the End I have 1 visit and 2 page views in matomo instead of 1 visit and 1 page view. :-(

@Sven74Muc we might have a look into this in a few months.

I have moved this into 4.1.0 just so it doesn't get lost (as I think this would be really useful for being compliant with future privacy changes).

If someone else wants to contribute this feature, it would be possible to get it earlier.

Think it is not only useful for being compliant with future private chances... it's needed today to be compliant.
Think it should be solved in 4.0, 4.1 is too late!

If this is solved only in a few month (after two yearf of no change) I need to delete all matomo installations and have a look for another system.
My feeling is that this will not be changed in 2020 and also not in 2021... very sad. Matomo is a great system but with some issues like this (which are fundamental) it ios not usable.

btw this refs #13056

I guess requireCookies would be calling disableCookies and then setConsentGiven would enableCookies (unless the user called disableCookies manually). since tracking consent != cookie consent so we cannot simply enable cookies if the user disabled cookies

btw this refs #13056

I guess requireCookies would be calling disableCookies and then setConsentGiven would enableCookies (unless the user called disableCookies manually). since tracking consent != cookie consent so we cannot simply enable cookies if the user disabled cookies

No, cookies are not allowed to set before consent is given (opt-in). Calling disabledCookies is not GDPR conform. There will be much court rulings in the future. The other thing is trust.. Do you think a visitor trust that a disabled cookie is realy disabled? If a cookie is there it is there and you cant't controll what it is doing. The fact that it is there generates question, doesn't matter what law is saying.

It's only how it would work internally. The user etc won't notice any of this.

So I maybe missunderstood you. As long as before the opt-in no cookies are set in the browser of the user it is fine.
So I hope this solution comes now quickly after 2 years of waiting.

How can we get this to 4.0.0 ??

How can we get this to 4.0.0 ??

The guaranteed way is by someone creating a Pull Request which contributes this change.

Hmmm... this means I need to develope it? I'm not a programmer :-(

FYI I'll look into this in the next days and we're planning to have this in the next 3.X release

Apologies this took so long! I can totally understand any frustration. We'll do our best so this won't happen again.

I've worked on this and if anyone is familiar with patching files on a server then you could try to update your piwik.js, matomo.js, and js/piwik.min.js with this content and then give it a test: https://github.com/matomo-org/matomo/blob/74c86cc5ab97723774c0a93b1603b6cdb97cb7d2/js/piwik.min.js

Fixed by #16173