Universal cookie does not remember user saying no to cookies

[mariongalley]

Describe the bug If I click No to cookies on a threesixtygiving site, I expect not to be asked again within a short time frame.

To Reproduce Steps to reproduce the behavior:

1. Go to a 360Giving tool
2. Decline cookies
3. Wait 1 day
4. Go to the same or a different 360Giving tool
5. Warning pops up again

Expected behavior Remember users declining cookies

Browser: Chrome, but same issue happens in Firefox

[mariongalley]

@codemacabre Would you or someone else from ODSC team be able to look into this this week please?

[codemacabre]

It looks like the cookie expiry isn't set, which means the browser deletes it depending on what it defines as a session. @mariongalley how long would you like the cookie to be set for? A month seems like a decent compromise between privacy and convenience.

[mariongalley]

@codemacabre Good question - when we spoke with Michael he said it would be set until cookies are deleted, so I don't know if it's considered poor practice to set the cookie indefinitely?

[codemacabre]

@mariongalley Cookie expiry needs to be proportionate and the ICO states indefinite is never proportionate.

I propose 30 days to start with and we can assess going forward?

[mariongalley]

Thanks @codemacabre - that sounds good to me. Please can you let me know when it's implemented so I can advise the team?

[codemacabre]

Note that Matomo's cookies are by default set to be remembered forever (see https://developer.matomo.org/guides/tracking-consent). So the above issue must be caused by opting out of analytics, as we control that cookie.

[codemacabre]

This has now been deployed across the various sites / apps. Users might need to clear current cookies to make sure the existing cookie is replaced, but this should happen automatically whenever the existing cookie expires.

[mariongalley]

@codemacabre I've had another user report the cookie pop up returning every time they visit our site(s). They use Chrome on Mac. Are ODSC team able to test this and reproduce on different OSes/Browsers? And should this be a new issue?

[codemacabre]

@mariongalley I've tested this on various OSs and browsers including Chrome on Mac, and can't reproduce, with the exception of having browser privacy settings and extensions set to automatically clear cookies, etc. The only explanation I can give is that the users must have a setting or an extension which resets the cookie expiry.

In Chrome settings, under 'Privacy and Security', there is a section to explicitly allow cookies - if they add threesixtygiving.org there, that should override any browser-based settings.

If they have any extensions active, they might need to try deactivating them to see which might be causing an issue.

[mariongalley]

Thanks @codemacabre !