@tsteur opened this Issue on August 2nd 2020 Member

When you want to make sure that across all sites cookies should never be used. It's otherwise incredibly difficult to ensure all sites implement it correctly.

What this feature would do is

  • Define a custom tracker.js in the plugin that makes ideally sure that cookies cannot be enabled in the client (eg we can overwrite some tracker methods like tracker.setCookieConsentGiven=function(){} etc and we can automatically call tracker.disableCookies())
  • Server side we would in Tracker/Request never return any visitorId. So even if the client did send a visitorId, we would ignore it and rely on fingerprint.

Out of scope for now be removing metrics like Unique visitors that wouldn't be correct anymore.

@tsteur commented on September 3rd 2020 Member

We'd likely need to have this feature on a "per site" basis and "overall" basis. By default the feature is "managed overall" but could be changed to configure it on a "per site" basis. Then we would use the measurable settings.

The custom tracker.js that ensures cookies cannot be enabled can only be added when the setting is disabled overall. This can be achieved using the 'CustomJsTracker.shouldAddTrackerFile' event like this:

    public function shouldAddTrackerFile(&$shouldAdd, $pluginName)
        if ($pluginName === 'PrivacyManager') {

            $config = new Settings();
            $shouldAdd = !$config->hasCookiesDisabledGlobally();

@tsteur commented on September 3rd 2020 Member

We would also want to add an "Informational" diagnostic check for this eg in ConfigInformational() so if someone reports a problem then we know how this setting is configured and it will be easier to troubleshoot issues where people say "cookies" aren't working or so.

Not sure how it can be printed in the diagnostic check though when it is configured on a per site basis. Maybe then we can't show it since there could be many sites. Maybe we'd then rather show a summary: Number of sites having cookies disabled enforced: X, number of sites having cookies disabled not enforced: Y

@sgiehl commented on October 15th 2020 Member

@tsteur I've already implemented #16259 with new SystemSettings / MeasurableSettings classes, and here is another feature that should be available on a global and per site base. I'm wondering if it might maybe make sense to introduce a new class structure for that. E.g. each plugin could define Feature classes, that holds information about a feature that should be possible to enable/disable (similar to the reports or widgets). Based on the definition that feature would automatically be added as SystemSetting and/or as MeasureableSetting. Everywhere else in the code where it's required to check for that feature we could have a simple Feature::isEnabled($idSite).
What do you think about that idea? Haven't fully thought that through yet, but wanted to hear your opinion before spending more time on that or maybe even start implementing that.
Having everything as Settings would be fine as well I guess...

@tsteur commented on October 15th 2020 Member

Generally it sounds good but thinking we might not have enough time before the release to do this. Also would need to think this through a bit more as it might not only be enabled/disabled but also other settings/configurations etc. So far it's not too difficult to implement the case where we have a global flag plus a measurable flag so probably won't need it for now. As we move more and more features and configurations to also allow being site specific this will be definitely something to look at eventually.

This Issue was closed on October 27th 2020
Powered by GitHub Issue Mirror