I was just testing the opt out. I was embedding the opt out into an html page and opted out. The third party
ignore cookie was set. Then I added the tracking code to the same site. I then reloaded the page and it was suddenly saying
You are not opted out
Even though it should say
You are opted out
The problem is that it seems to only check for the first party cookie but not for the third party cookie status here:
This will be pretty much the behaviour for all Matomo sites as none of the visitors that previously unsubscribed would have the first party ignore cookie yet. So it is important to only show "You are not opted out" if neither the first nor the third party ignore cookie is set. If either of them is set, we assume the user is opted out.
I then opted out, and it was saying "opted out" after I clicked on it. However, when I reloaded the page, it was saying again "not opted out".
disableCookiesin my tracking code (https://matomo.org/faq/general/faq_157/). I wonder if we need to still execute the methods
rememberConsentGiveneven when cookies are disabled? @Findus23 @mattab
Stopped testing afterwards.
We should double check that the user was actually opted out before changing the status of the checkbox ideally.
that'd be great.
And if it didn't change the status, maybe we could show a message explaining the user it didn't work and to retry or to contact the website owner? Maybe could even adjust the message if the opt out is running on http? @mattab Any thoughts? It would basically not work when the site is embedded using http and the user does not have the tracking code on the same page or the opt out iframe domain does not match the tracker domain...
If it's possible then be great to explain in the error message why it doesn't work eg
Opt-out feature is unfortunately not working because this site is not using https and the tracking code cannot be found on this page. Please contact the website administrator for help. or
Opt-out feature is unfortunately not working because this opt-out iframe domain $DOMAIN does not match the analytics service domain $DOMAIN2. Please contact the website administrator for help.
I noticed it was actually not changing the status because I had disableCookies in my tracking code (https://matomo.org/faq/general/faq_157/). I wonder if we need to still execute the methods forgetConsentGiven and rememberConsentGiven even when cookies are disabled? @Findus23 @mattab
not sure of the code details, but the idea would be that consent mechanism should be completely independant of cookies and work the same whether or not cookies are enabled in tracker.