Don't set a cookie when first displaying the opt-out iframe #16791
Milestone
Comments
|
Hi @gwire thanks for creating this issue. It's a duplicate of #14402 and the cookie is needed for security reasons unfortunately. If you're worried re GDPR this cookie is definitely an essential cookie that is needed no consent or anything needs to be obtained. It also doesn't track the user. There is no way to disable it so far unless you were to build a custom opt out form see https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form . Is this maybe an option? |
|
I think it's still unfortunate that this cookie is called "MATOMO_SESSID", then. With this name. privacy-aware visitors will probably assume this is a tracking cookie. Couldn't it be called e.g. "CSRF_NONCE" or something like that? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We've attempted to do cookie-less use of Matomo, but now adding the "opt-out" iframe will immediately set the session cookie "MATOMO_SESSID" anyway - this happens regardless of any interaction with the content of the frame.
Is it possible to do an opt-out iframe that doesn't immediately set a cookie regardless of user action?
This is 4.0.0 using the code generated by the "Let users opt-out of tracking" setting.
The text was updated successfully, but these errors were encountered: