@tsteur opened this Issue on August 2nd 2020 Member

When you want to make sure that across all sites cookies should never be used. It's otherwise incredibly difficult to ensure all sites implement it correctly.

What this feature would do is

  • Define a custom tracker.js in the plugin that makes ideally sure that cookies cannot be enabled in the client (eg we can overwrite some tracker methods like tracker.setCookieConsentGiven=function(){} etc and we can automatically call tracker.disableCookies())
  • Server side we would in Tracker/Request never return any visitorId. So even if the client did send a visitorId, we would ignore it and rely on fingerprint.

Out of scope for now be removing metrics like Unique visitors that wouldn't be correct anymore.

@tsteur commented on September 3rd 2020 Member

We'd likely need to have this feature on a "per site" basis and "overall" basis. By default the feature is "managed overall" but could be changed to configure it on a "per site" basis. Then we would use the measurable settings.

The custom tracker.js that ensures cookies cannot be enabled can only be added when the setting is disabled overall. This can be achieved using the 'CustomJsTracker.shouldAddTrackerFile' event like this:

    public function shouldAddTrackerFile(&$shouldAdd, $pluginName)
        if ($pluginName === 'PrivacyManager') {

            $config = new Settings();
            $shouldAdd = !$config->hasCookiesDisabledGlobally();

@tsteur commented on September 3rd 2020 Member

We would also want to add an "Informational" diagnostic check for this eg in ConfigInformational() so if someone reports a problem then we know how this setting is configured and it will be easier to troubleshoot issues where people say "cookies" aren't working or so.

Not sure how it can be printed in the diagnostic check though when it is configured on a per site basis. Maybe then we can't show it since there could be many sites. Maybe we'd then rather show a summary: Number of sites having cookies disabled enforced: X, number of sites having cookies disabled not enforced: Y

Powered by GitHub Issue Mirror