@thisisjulien opened this Issue on November 15th 2019

Hi there,
since we're using Matomo v3.12.0 _pk_testcookies are always set. A condition has been removed in https://github.com/matomo-org/matomo/pull/14495/files.
This could be a GDPR issue if we don't declare them in our privacy policy. After the update we're wondering if we should edit our privacy policies on several sites or if this gets fixed within the next update. So, is this a bug or a feature? :)
Can u maybe remove the generated cookies after doing the test or can you restore the condition?
Thank u and best regards

@Findus23 commented on November 15th 2019 Member
@thisisjulien commented on November 15th 2019

Hmm yes almost :D But as I understood for #15000 & #15107 the issue was that the testcookies were generated while disableCookies was set. We don't set this option and it happens anyway.

@Findus23 commented on November 15th 2019 Member

Hi,

The only way to detect if a browser is supporting cookies is to set one and check if it is set. So Matomo does need to set this cookie to work (unless you disable cookies).

@tsteur commented on November 17th 2019 Member

It's actually a feature and was needed to avoid some warnings or so in IE. The cookie is immediately deleted again so it shouldn't be an issue. And it's a cookie that isn't tracking you or anything. It's just to check if cookies are enabled so reckon it shouldn't be an issue. Happy to reopen the issue if it is an issue.

@thisisjulien commented on November 19th 2019

Thank you for your quick response. Ok so I think we have an issue on our page, because the testcookies are not deleted and that's why I was confused.
Best regards

@tsteur commented on November 19th 2019 Member

The cookies are deleted but you can't see this right away. To see that they were deleted you would basically need to remove the tracking code, and then reload the page. You can otherwise also see that the cookie has been deleted by looking at the expiry date, which should be in the past.

@digitalbricks commented on December 2nd 2019

I checked this on two sites but in many cases the expiry date of _pk_testcookie is updated even after calling _paq.push(["deleteCookies"]);. Well, always to the current time so the expiry date is in the past but I would expect that _paq.push(["deleteCookies"]); also deletes the _pk_testcookie – as it does with _pk_ses and _pk_id. So it stays a little bit confusing to me.

@tsteur commented on December 2nd 2019 Member

Setting an expiry date in the past is basically how you delete cookies. We do it like this for all our cookies also when you call deleteCookies. It should be removed if you remove the tracking code from your site for a test on the next page reload
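
The set, read back and expire sequence described in the comments above, as an added example that is not part of the thread and not Matomo's tracker code. `FakeDocument`, `hasCookie` and `probeCookieSupport` are hypothetical names, and the jar is a constructed stand-in for the browser's `document.cookie` so the probe runs offline in Node.

```javascript
// Added illustration, not Matomo's tracker code. FakeDocument is a constructed
// stand-in for the browser's `document` so the probe can run offline in Node.
class FakeDocument {
  constructor(cookiesEnabled = true) {
    this.enabled = cookiesEnabled;
    this.jar = new Map(); // "name|path" -> { name, value, expires }
  }
  set cookie(str) {
    if (!this.enabled) return; // writes are silently ignored when cookies are off
    const [pair, ...attrs] = str.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const attr = {};
    for (const a of attrs) {
      const i = a.indexOf('=');
      attr[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? '' : a.slice(i + 1);
    }
    const expires = 'expires' in attr ? Date.parse(attr.expires) : null;
    const key = `${name}|${attr.path || '/'}`; // assumption: path defaults to "/"
    // An expiry in the past deletes the cookie with the same name and path.
    if (expires !== null && expires <= Date.now()) this.jar.delete(key);
    else this.jar.set(key, { name, value: pair.slice(eq + 1), expires });
  }
  get cookie() {
    // Simplification: every path is visible, as if read from a page under it.
    return [...this.jar.values()]
      .filter((c) => c.expires === null || c.expires > Date.now())
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

function hasCookie(doc, name) {
  return doc.cookie.split('; ').some((p) => p.split('=')[0] === name);
}

// Write a test cookie, read it back, then delete it with an expiry in the past.
function probeCookieSupport(doc, name = '_pk_testcookie') {
  doc.cookie = `${name}=1; path=/; SameSite=Lax`;
  const supported = hasCookie(doc, name);
  doc.cookie = `${name}=; expires=${new Date(0).toUTCString()}; path=/; SameSite=Lax`;
  return { supported, leftBehind: hasCookie(doc, name) };
}
```

An expiring write only removes the cookie stored under the same name and path, so `leftBehind` is true when a copy with a different path already exists.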

@tsteur commented on December 2nd 2019 Member

BTW we are making improvements to this in https://github.com/matomo-org/matomo/pull/15225 so in most browsers it won't set a test cookie anymore and we will also set max one per domain if a test cookie is needed

@digitalbricks commented on December 2nd 2019

Thanks for the explanation! But unlike the _pk_ses and _pk_id cookies, the _pk_testcookie does not disappear in Firefox (or Chrome) Devtools when calling deleteCookies. Even if the page is reloaded without tracking code! I've tested that some time ago and didn't have this "issue" – the _pk_testcookie was never set in the (or a) past version of MATOMO.

Feel free to test the behavior on my site, where MATOMO is loaded or removed via an Opt-IN cookie consent banner:

  • visit my site
  • click the button "Einverstanden" in the cookie consent banner to enable MATOMO tracking
  • check Devtools to see if the three matomo cookies are created
  • click "Cookies" in the footer to re-open the consent banner
  • click "Ablehnen" in the consent banner to disable MATOMO (calls deleteCookies and disableCookies and reloads the page)
  • now the _pk_ses and _pk_id are gone, but _pk_testcookie is still there -- even if no HTTP query is sent to my MATOMO installation any more
  • you may reload the page another time but _pk_testcookie stays intact and the expiry date gets updated (oddly enough not on every reload but after a minute or so ...)

If interested you will find the JS code I used for the Opt-IN on my blog (German only but code commented in English). I used this code multiple times and never had that issue before – but now reproducible on multiple sites updated to the latest MATOMO version.

@tsteur commented on December 2nd 2019 Member

BTW just commented one minute before your comment in https://github.com/matomo-org/matomo/issues/15161#issuecomment-560543806: in Firefox it shouldn't even be set anymore in the future.

I can reproduce your steps and have an idea by what it is caused 👍

This Issue was closed on November 17th 2019