Introducing CookieManager

Website privacy, security, cookies and GDPR are a hot topic currently. One of the biggest questions is how can a RapidWeaver user safely, easily and compliantly display content based on user consent?

Take for example some analytics tracking code or a Google map. How can this type of content only work if a user clicks a button and explicitly opts-in or opts-out? Currently it is almost impossible to do this without some really complicated coding. Although some solutions claim to offer a fix, a quick look in the browser console reveals a horror-show of invasive scripting and tracking cookies continuing to download in the background, irregardless of consent being granted or not. This simply is not good enough for GDPR compliance!

And so the CookieManager stack was created. CookieManager can swiftly create, modify or delete tracking cookies. Zero complicated coding or configuration is required. It is able to conditionally display areas of a webpage or load scripting (like analytics) only if a matching cookie is found.

Watch a quick video here [CC]:

It can work great in conjunction with FloatingContent, Gateway or TopBox stacks. Use either three of these stacks to display attractive popup messages about privacy or cookies; and generate an opt-in consent cookie when the message is dismissed.

Then you can configure CookieManager (with the same tracking cookie ID) to conditionally display or hide parts of a website. Not only that, but you can change CookieManager to display a button to modify or delete the tracking cookie too - allowing the user to freely change their cookie preferences later on.

This is a free stack to download and use. It should solve a lot of GDPR and associated problems many RapidWeaver users have been struggling to resolve before the 25th May 2018 deadline kicks-in. User security and privacy is not something you can leave to chance or pretend that it does not apply to you!

If you have questions about CookieManager, or need support, please make a contribution. Support questions can be emailed via the Stacks4Stacks contact page. General advice is available on aspects of GDPR compliance.

Learn more…

Thanks Will

Nigel…

Every time I deal with GDPR I feel like my head might explode. It’s so confusing. Thanks so much Will I shall download and learn asap.

I’ve watched this video 3 times now, still can’t get my head around it :(. Would it be a massive pain to show us by video how to set up the stack with google analytics and topbox for example?

Thanks Will, downloaded earlier and looks like a good tool to help address the cookie issue.

Thanks again.

Mark

Looks great but I’ve a question.

Is the idea that you put one on every page? That seems onerous, but what happens if someone visits your site and goes straight to the blog page, for example, rather than the home page?

Rob

Yup I was wondering the same Robbeattie. I’m assuming you can set it up to cover the whole of the website though.

I would assume the cookiemanager could be incorporated into a Partial and used throughout the site as with other stacks ??

Has anyone fully implemented this stack yet?

Do we NEED Gateway or can we just use Topbox with this stack?

@Gabrielle @Linda3344 :

Everyone who has followed this instruction and contacted me by email has already received a sample RW7 project file that contains a working example of TopBox and clear setup instructions for use with CookieManager. Pretty-much a copy and paste example to reuse in your own projects.

@willwood Is it possible to publish a link to that demo project…? Would be very helpful.

20 characters blah blah blah

I have been trying to apply it with the gateway stack. I am struggling though.

I have put Gateway as a partial on each page as my visitors could come in at various points and I wanted them to be altered to the ability to manage cookies. This seems to reset the cookie to “true” after you visit any of the pages.

I really likely the idea of being able to allow users to amend their choice and also to be able to isolate stacks and widgets that use cookies (great feature). I have thus created a cookies page largely setup like Will’s in his Video where it shows status of optin/out and buttons to amend preference.
However am finding that whilst I can amend the preference on this page as soon as I go back into the other pages the cookie gets reset to true. So long and short of it is I think if you plan to use Gateway to provide that initial cookie your users will find that effectively they cant turn it off.

This looks to be a great stack and is badly needed. I am very keen to get this to work and I think I may be tackling things wrongly. Any advise from the community would be great.
George

Hi All

Having purchased Gateway and downloaded Wills free Cookie Manager I have been able to implement a Cookie instance across my site together with the ability to revoke the cookie access.

I first set up Gateway to create the alert box and set the cookie.

A Partial was then created from it and included within my existing Initial Site Styles partial (I am a Foundation User)

You will note that the Gateway alert references my Policy Statement - within the Policy Statement page - at the bottom - there is an instance of Cookie Manager that can , if pressed , revoke the cookie access.

All appears to work fine from my end and does at least help to provide some compliance for my use case.

Please take a look and comment as necessary - CSM Website

Kind Regards
Paul

check here for an implementation:
https://doktorfreund.de

(combination with Gateway - works well, I think)

Contribution done. This is a VERY VERY important stack. I only would like to encourage you to go a bit beyond the cookie issue which is something that will be part of ePrivacy. What’s equally important is to put a perfect imprint and data protection disclaimer on your website as there will certainly be bots skimming the net for incomplete texts and try to sue the website owner (the one who’s listed in the imprint, that is).
What I’ve got some headaches with is using Disqus on my websites via Armadillo from @nimblehost as the comments of Disqus are typically stored in the US and, hence, fall unter the privacy shield regulations. Means: Yo need to prove that Disqus has a signed agreement. Also, it might be an issue to execute on requests for deletion of comments based upon the right to be forgotten. Disqus is not really helpful here… Any idea here on how to deal with it, Jonathan?

Thank you @jsc - I knew that comments would be a problematic area of GDPR compliance. The two biggest providers in the game (Disqus and Facebook) are not best regarded for their compassion towards privacy issues! With that in mind, in February I developed a brand new comments stack. A couple of members of this forum are currently testing it on a kind-of extended pilot test period to see how it fairs. This stack stores user-submitted comments and product reviews or ratings in ‘flat file’ format on your own web server. It never takes sensitive information from the user, like their real name, IP address or email address. It has no dependency on any outside services or third-party platforms. So this should comply with GDPR regulations nicely. But I don’t know how well it would work inside blogging stacks. This solution was mostly created for users with very simple and modest commenting / reviewing requirements; as a stack you could place at the end of webpages (or on a page of its own, for the creation of a simple guestbook).

I have now contributed and will try to follow it through to a successful setup :).

I’m a bit vague on that too. Also, wouldn’t it be good if developers could tell us which stacks actually set cookies, or am I asking for the world?!

I actually had that in the forum somewhere already. Totally agree. There’s quite some material that would be helpful for the developers such as: https://www.cookielaw.org/media/1096/icc_uk_cookiesguide_revnov.pdf
Used cookies should be listed with their category: https://en.wikipedia.org/wiki/HTTP_cookie