You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've attempted to do cookie-less use of Matomo, but now adding the "opt-out" iframe will immediately set the session cookie "MATOMO_SESSID" anyway - this happens regardless of any interaction with the content of the frame.
Is it possible to do an opt-out iframe that doesn't immediately set a cookie regardless of user action?
This is 4.0.0 using the code generated by the "Let users opt-out of tracking" setting.
The text was updated successfully, but these errors were encountered:
Hi @gwire thanks for creating this issue. It's a duplicate of #14402 and the cookie is needed for security reasons unfortunately. If you're worried re GDPR this cookie is definitely an essential cookie that is needed no consent or anything needs to be obtained. It also doesn't track the user. There is no way to disable it so far unless you were to build a custom opt out form see https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form . Is this maybe an option?
I think it's still unfortunate that this cookie is called "MATOMO_SESSID", then. With this name. privacy-aware visitors will probably assume this is a tracking cookie. Couldn't it be called e.g. "CSRF_NONCE" or something like that?
We've attempted to do cookie-less use of Matomo, but now adding the "opt-out" iframe will immediately set the session cookie "MATOMO_SESSID" anyway - this happens regardless of any interaction with the content of the frame.
Is it possible to do an opt-out iframe that doesn't immediately set a cookie regardless of user action?
This is 4.0.0 using the code generated by the "Let users opt-out of tracking" setting.
The text was updated successfully, but these errors were encountered: