@Sven74Muc opened this Issue on June 28th 2020

I set up a new Wordpress installation with just a GDPR consent tool and Theme 2020. Tested different GDPR tools, allways the same issue. One GDPPR tool I have is: https://wordpress.org/plugins/gdpr-cookie-compliance/

The issue

User gives his consent (opt-in) and the tool is placing te matomo code, cookies will be placed. If the user now revoke the consent (opt-out) the cookies should be deleted... but the matomo cookies are still there if Ii use Firefox. In Chrome and Edge they will be deleted.
I tested the same with Google Analytics and a pop-up plugin which sets cookies... no problem in Firefox, cookies are deleted after opt-out.
I deleted all Firefox profiles, deleted Firefox and re-installed Firefox.... Cookies are not deleted after opt-out.
I talked with the GDPR plugin developer, they provided an update because first matomo cookies have not been deleted in all browser. Now the issue is (like with other alternative plugins) only in Firefox, so it look not that it is an plugin issue.

To sum up:
Only matomo cookies have an issue to be deleted in Firefox by different Worpress plugins in a fresh Wordpress installation.

Questions:
1) I'm not a programmer at all. What is different with the matomo cookies than with others? What could prevent to get them deleted?
2) Have you seen something similar before? Any idea what this can be?
3) Any idea what I can do to identify the error?
4) Does this require a change in matomo? Is this maybe solved in matomo 4.0? (When will matomo 4.0 be realistical available?)

@Sven74Muc commented on June 28th 2020

The test installation you will find here: https://cookie.dlgo.de

After clicking on ok in the footer banner the cookies will be set. Then you see a gear icon at the bottom left. Here you can change the consent. If it is set to ret, the cookies should be deleted. If it is set to green, the cookies schould be placed.

I have tested this with only matomo code, then changed it to only Google code. Now, for testing I have implemented both and 2 switches to set or unset the code.

@Sven74Muc commented on June 28th 2020

3 things I discovered comparing the google and matomo cookies:

1) Google cookies are set to Domain: .dlgo.de while matomo cookies set to Domain: "cookie.dlgo.de"
2) Google cookies are set to SameSite: "None" while matomo cookies set to SameSite: "Lax"
3) Google cookies are set to HostOnly: "fales" while matomo cookies set to HostOnly: "true"

Can one of this cause the issue?

Regarding number 1)... I have the same issue if I do not install it on a sub-domain. A root domain (like https://dlgo.de) is causing the same problem. In this case, the cookie domain is set to "dlgo.de" instead of "cookie.dlgo.de". So here we could have a problem with the missing dot in front of the domain (.dlgo.de or .cookie.dlgo.de) if we compare it with the Google cookie.
(dlgo.de is just an example, I tested it with another root domain)

@tsteur commented on June 28th 2020 Member

@Sven74Muc

I've had a quick look in Firefox but couldn't find anything interesting. These cookie attributes shouldn't really make a difference and eg cookie domain should be fine.

I don't know how the cookie compliance plugin is deleting cookies unfortunately. Maybe they don't detect them correctly or so. I think you already pinged them as well in their plugin it be great if they debugged their cookie deletion logic to see what the problem is.

You could also ask in our forum otherwise if someone knows more maybe: https://forum.matomo.org/

Don't know if the plugin lets you execute some code on opt out. If so you could try and run window._paq = window._paq || []; window._paq.push(['disableCookies'])

I tested this and when I execute this in Firefox on your site all cookies are deleted. Be great to get the plugin developers to look into this otherwise.

I'll close this now @Sven74Muc as from our side all looks good. Should there be any bug I'll be happy to reopen.

This Issue was closed on June 28th 2020
Powered by GitHub Issue Mirror