Required cookies

[Bluebeerd]

On the GDPR page, if you start by clicking the 'Disagree' button, it switches all cookies off including required cookies. If you then attempt to turn cookies back on, you cannot change the status of required cookies, so you can end up with the interesting situation of tracking and session cookies enabled, with required cookies off.

Image attached

[majorimi]

Hi @Bluebeerd, Thanks for contacting me. Interesting finding but this is a demo application only. Not a sound proof business solution. Actually there is no real cookies behind this form (even the whole application is not using any cookies). "Required" cookies is just a name to show something on the UI but could be named "Some cookie" or "Non existing cookie"...

Also this GDPR Consent component is just UI element + some services. The component itself does NOT restrict any cookies to be stored or used (it is documented). It is helping developers to prompt consent, read out user decisions (with events), store it in local storage with expiration date, etc... So has many features but does not restrict cookies it must be done by the application developer on Server side responses or WASM apps (e.g. put an if on tracking code and inject it only when consented, etc.). So there can be many cookies for a big application as a component provider won't manage all of them....

If a real application needs to be allow real "Required" cookies, then their developers should disable that option so users cannot disallow it. In this case NO cookies at all just added some names so totally irrelevant. But try to make it clear.