search

guyasyou / Pure-Cookies-Notice

Cookies Notice allows once to notify users of anything, including the use of cookies (The Cookie Law Explained). Package for CMS Concrete5
https://www.concrete5.org/marketplace/addons/cookies-notice/
Other
1 stars 1 forks source link

Post-consent actions #8

Open mlocati opened 5 years ago

mlocati commented 5 years ago

This (wonderful) addon currently shows a warning and sets a cookie when the user accepts the cookies usage.

By the way, the pages may have some custom code that doesn't show some code (for example, Google Ads stuff) if the cookie is not set. When the user accepts the cookie, we should re-enable the disabled code (Google Ads in this example) in some way. This could be done in various ways:

If it's ok, I can implement those "post-consent" events

guyasyou commented 5 years ago

I don't quite understand what it is about, but I do not mind ))

mlocati commented 5 years ago

Well, the whole stuff about GDPR (and cookie consent) is that we should use cookies that collects user data (for example Google Ads) only after the user accepted that.

So, in the site, we may have a condition like this (pseudo-code):

if ($userAcceptedCookies) {
   echo $googleAdsStuff;
}

At the first visit, the cookies are not accepted yet, so we don't print out Google Ads stuff. When the user accepts the cookies, we need to add Google Ads stuff to the page. In the above example, we should reload the page (but we may also implement the alternative solutions I listed above).

guyasyou commented 5 years ago

Google write cookies to my domain? I think, he use google's domains. I created this block for notify about anything, no only GDPR

mlocati commented 5 years ago

Nope. For example, if you browse to https://www.concrete5.org/ you have these cookies:

mlocati commented 5 years ago

Furthermore, the purpose of displaying an alert to users is not to tell them that the website is using cookies: we ask users to allow the website to use cookies (technical cookies are always allowed, like the CONCRETE5 session cookie).

So, it's not enough to display an alert: the code should act accordingly to the fact that a user has accepted the cookies or not. That's why we need to do something after a user has accepted cookies.

Google Tag Manager (GTM for short) is very helpful in this.

If you don't know it, GTM is a way to manage analytics/tracking codes ("tags" in GTM terms): you create a tag container in GTM and add it to the website.

First, at https://google.com/tagmanager you create a tag container. The code to be added to the website is something like this (where GTM-XXXXXXX is the identifier of the created tag container):

<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>

this code can rewritten simply as:

<script>
if (!window.dataLayer) {
    window.dataLayer = [];
}
window.dataLayer.push({'gtm.start': new Date().getTime(), event:'gtm.js'});
</script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX" async></script>

The actual content of the container GTM-XXXXXXX is then managed at https://google.com/tagmanager: you don't have to touch your website anymore.

In GTM you can then add to the container all the "tags" you need. GTM supports tons of tags (Google Analytics, Google Ads, custom HTML and many more). You can even instruct GTM to load a tag only if a cookie is set, or when an "event" occurs.

For example, we could add a Google Ads tag to the container, and instruct GTM to load it only when an event called pure_cookies_notice_accepted is fired.

So, the Pure Cookies Notice block could act like this:

  1. if users already accepted the cookies, the block could simply output this code: 
    <script>
if (!window.dataLayer) {
window.dataLayer = [];
}
window.dataLayer.push({event: 'pure_cookies_notice_accepted'});
</script>
  2. if users haven't accepted the cookies yet, we show the popup, and when users accept the cookies we add this code to the hideNotify function: 
    function hideNotify() {
// ...
document.cookie = cookieName+'=read; path=/; expires=' + date.toUTCString();
if (!window.dataLayer) {
    window.dataLayer = [];
}
window.dataLayer.push({event: 'pure_cookies_notice_accepted'});
// ...
}

That's what I meant with send an event to Google Tag Manager (for users using it) above.

guyasyou commented 5 years ago

Ok, but, I do not want to limit this block for GDPR only, this functionality should be disabled by default.

mlocati commented 5 years ago

Sure!

PS: if not for GDPR, what's the purpose of this add-on? Are there any other cookie-related laws outside the EU?

guyasyou commented 5 years ago

It block for notify about anything once. Notify about technical work, changes in anything, etc.

mlocati commented 5 years ago

I'm going to implement this.

In order to avoid merge conflicts, could you review (accept/deny) https://github.com/guyasyou/Pure-Cookies-Notice/pull/9 ?

guyasyou commented 5 years ago

Merged