Various Issues with Stacks4Stacks MiniCookie

Before I get into this I need to state up front I really wanted this to work. I watched all Will’s videos, and he made a very compelling case not only as to why you need to address the privacy issue outside of the stuff RW supplies which doesn’t quite cut it, but further how his stack would solve all those issues.

Sadly it does not.

The GDPR law more or less states end users need to opt in to specific cookies that do different things rather than opt out. Fine, I get that.

MiniCookie’s “Multi-Select Consent” popup is supposed to address this, but I have found a number of issues with it.

Has any one else ran into the issue of it not actually showing which cookies are set when invoked? No matter what is actually set, it comes up as showing not a single one is set. It’s essentially not reading the presence of the cookies on invoke which would lead the user to believe they permissions have not been granted, when, in fact they actually are, which is entirely counter to the GDPR and CCPA law’s intents.

I have a simple example project that only uses Will’s blank theme and the mini cookie stack that demonstrates these issues fairly well, but have no idea how to attach it to this post. It’s small (like 356K zipped).

I’d be happy to upload it here, or if any are interested in seeing what it does (or more like does not do) you can download it from my sandbox server here: Mini Cookie Bug Demo

If anyone has ran into this and knows a decent workaround to actually get it to work correctly, I’d love to hear from you.

The rest of the stack appears to mostly work (although I haven’t been able to get the modify multiple cookies config to work correctly either). Crying shame, as if this did actually work correctly it’d be a very elegant solution to the intended GDPR issue.

If not, is there any other solution out there that addresses this issue and actually does work?

TIA.

Would be best to raise a support ticket directly with Will, he doesn’t routinely monitor the forums for issues.

If that doesn’t workout, the Privacy Centre stack looks very good and has a lot of functionality but don’t own it so can’t say for definite that it will work for you.

Other cookie stacks that I’ve seen are more basic and don’t have the functionality you are looking for, unless they’ve had a significant upgrade recently.

The California Consumer Privacy Act (CCPA) is so totally different then EU’s GDPR, other then dealing with privacy, have nothing in common.

  1. CCPA does NOT require any opt-in, for cookies.

  2. CCPA probably wouldn’t impact anyone using RW

    • Have a gross annual revenue of over $25 million;
    • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
    • Derive 50% or more of their annual revenue from selling California residents’ personal information.
    • The CCPA does not apply to nonprofit organizations or government agencies.

    Very few if any RW sites would met any of these requirements.

  3. CCPA (if you meet the requirements) is an opt-out not a opt-in. You need not get consent before collection of information. If you are selling consumers information you need to provide a “Do Not Sell My Personal Information” link (must be in the privacy policy).

  4. CCPA really only impacts the sale of information, not the collection of it. It puts the burden on companies like Google and Facebook who sell private information.

I don’t have MiniCookies (don’t need any cookie managers), but I know it’s a popular stack that others are using without issue.

It’s always best practice to tag the developer @willwood when you post questions or issues on the forum. That way they get notified that posted.

1 Like

Oh I tried. Prior to this problem I had a problem with commentsStack. Rather than use the FA icons I’d made a site specific icon font that used part of the logo for the ratings “star” display and it mostly worked until one clicked on the rating.

So I sent an email with the font, the changes to his example code and several screen shots showing how the problem manifested itself, and it could have been utterly replicated with what I’d sent.

I got a reply of:

Unfortunately screenshots on their own are not really sufficient. Yes they certainly can be useful to illustrate issues, but ideally I need code to run diagnostics on and use tools like the web inspector. That’s about the only way I can troubleshoot CSS, within my abilities.

I know a lot of RW developers who will flat-out refuse to offer any help whatsoever with custom modifications, even if you tried to bribe them! Some probably will not even reply to your emails! Thankfully I’m different.

But to help you, you really do need to put together a more complete support case for me to review. Please take another look at my knowledge base article on requesting support or ask on the community forums if you don’t know what to send me.

The bottom line is that I don’t have the time (or eagerness) to spend a lot of money on addons (like Foundry) from other companies, then several hours to learn how they work, and even more time to piece-together your entire page setup again. It’s not really fair on me, considering you may have only paid $30 for the stack. Regretfully it’s just not sustainable for me to operate like that and dedicate that much time to one person. You’ll need to provide everything to save me some time and money, if you are wanting help with this.

I then spent a couple days chasing why it didn’t work stepping through the code in a browser debugger, making one change at a time inside RW and then running diff’s on the output code, and read through YourHead’s docs on the Stacks API and finally found that the problem was that no user could have made it work because he had template code that was in the the pList of the stack that would get bolted in effectively overwriting anything an end user might have included in the user editable CSS field.

So I cloned the stack, made changes to the pList so it’d work with another font and sent a project file that had one page with his stack and page with the changes in my cloned stack, and he apparently got bent out of shape that I had the audacity to suggest that he may have an actual bug.

Reply was essentially that no one had problems with it, he didn’t have problems with it, and that he didnt’ have the time to deal with other stacks (foundry or foundation).

The reality was there was no issue with foundry, or any other non Will supplied stack, it really was an implementation issue on his side, and I’d even shown him exactly where in the pList file the bolted in code showed up.

Meanwhile, I was running into this problem here, and it would even show up in his example stack with absolutely no changes whatsoever by the end user.

So I sent this over:

I wish to demonstrate something that you may not be aware of, and will provide the simplest step by step instructions to replicate a possible issue:

MIniCookie

1 Open your MiniCookie example project.

2 Enter preview mode.

3 Hit Delete all cookies to make the pop up appear.

4 Set any combination of cookies you wish, but turn at least one of them on.

5 Hit save settings. You should see “dismissed_popup” and whatever cookies you had chosen as both present, and true.

6 Delete the “dismissed_popup” cookie to make the pop up appear again.

7 Notice that whatever cookie you HAD set previously is NOT checked, even though it is actually set (which you can see at the upper part of your page).

8 Click Save Settings. The pop up goes away, and even though the checkboxes showed that nothing was set, whatever you previously had set still is.

Apparently the step by step stuff was not sufficient, and he had took some offense to my altering the commentsStack to demonstrate where the issue in that stack occurred, and the next reply aside from “No body else has had this problem and it’s working fine for me”.

I went to https://bottletreeworx.com/ but the website is broken or offline. Nothing for me to view, in regards to CommentsStack or MiniCookie. So at this point in time, you’ve essentially exhausted me and I can provide no further assistance to you.

(Well of course not, the site hasn’t been published yet and was only running on a sandbox server in house, and I’d explained that). He then ended with:

I suggest going forwards, that you use the RapidWeaver forums from now on. It appears I am unable to satisfy all your requirements. For 16 years I’ve provided free trial versions of everything I sell (and offer more free addons than any other developer does), so in future I suggest you try these addons before committing to a purchase, or just exclude me from your list of preferred developers and buy from someone else. I’m unable to dedicate any further time or replies to you.

When I sent over the project file I linked above it bounced back saying he’s blocked any incoming emails from me…

So that’s why I’m posting here. I’ve never had a developer block emails simply because they were tired of hearing about a problem a user had with their product. It’d be one thing if i was really stepping outside the bounds of the stack’s intent, but the customization of the display of the ratings in CommentsStack was an advertised feature that he marketed, and the multi-select aspect of MiniCookie was also touted as a key feature, and because I actually tried to use those features and they didn’t work because maybe no one else had actually tried to use them is sufficient reason to block me? Wow.

I used RW 10 years ago to build a site that was getting a couple hundred thousand hits a day in it’s heyday but hadn’t done anything web wise since until this project. The responsive stuff, cookies, stacks, that’s all new but I’ve noodled out most of it outside of these issues.

But I’ve looked at the stack you linked above, and it appears to do exactly what Will’s stack does (looks a little different, but that’s ok, I can deal with that), and has the bonus of having been tested with framework stacks like Foundry and Foundation. I’ll give that a go. Thanks.

1 Like

Good stuff to know. I was going off what I’d garnered from Will’s hour long video on the issue, and I was just attempting to hit all the boxes as a result.

And I had directly tried dealing with this through Wil via email (see other post on that).

At any rate this really is a simple thing. I wanted checkboxes for which cookies were to be enabled, Will’s stack had a mechanism to do that, but it didn’t read the cookies when it brought up the pop up and show the current status of them. It shows no cookies are enabled every time you invoke it.

This would lead the user to think they weren’t enabled, when in fact they were.

And that is the issue.

Hi, Mark,

Either you are doing something wrong, or your expectations are wrong.

The Multi-Select Consent works for me.

After publishing and clearing cookies in your browser’s preferences, control-click on a page in your site and select ‘Inspect Element’. Click the ‘Storage’ tab. Then, select ‘Cookies’ in the left sidebar. You must delete all your site’s existing cookies from there.

After this action, MiniCookie should work as advertised.

EDIT: Will just announced MiniCookie 2.3.0

1 Like

@Rovertek Rob:

Being as you have MiniCookie, if you’ve got a minute or two, you could easily verify if it’s something on my end or in general.

If you have his demo project, you can open it and do this:

1 Open your MiniCookie example project.

2 Enter preview mode for the Multi-Select Consent page.

3 Hit Delete all cookies to make the pop up appear.

4 Set any combination of cookies you wish, but turn at least one of them on.

5 Hit save settings. You should see “dismissed_popup” and whatever cookies you had chosen as both present, and true.

6 Delete the “dismissed_popup” cookie to make the pop up appear again.

7 Notice that whatever cookie you HAD set previously is NOT checked, even though it is actually set (which you can see at the upper part of your page).

8 Click Save Settings. The pop up goes away, and even though the checkboxes showed that nothing was set, whatever you previously had set still is.

Or you can download my test project I sent but got returned because he’s blocked my emails.

Either should demonstrate the issue.

After publishing and clearing cookies in your browser’s preferences, control-click on a page in your site and select ‘Inspect Element’ . Click the ‘Storage’ tab. Then, select ‘Cookies’ in the left sidebar. You must delete all your site’s existing cookies from there.

Yup, had done all that myriads of times. Very conversant in the developer tools menu at this point, down to stepping through lines of script, setting breakpoints, cookie editing etc. I had the latest version of MiniCookie prior to the new release.

After days of fighting with it and being told by Will he’ll no longer deal with me because I apparently haven’t spent enough money with him to justify the support, I picked up rwProDev’s privacy center, and it’s working just fine. It remembers what options you’d selected in terms of allowed cookies and correctly shows them on subsequent trips into the dialog, which can be invoked via a myriad of mechanisms (buttons, links, etc) without requiring you to delete a cookie just to bring it up.

It allows you to categorize 3rd party cookies so when they are present they’ll show in the appropriate global bucket you’ve assigned them to, has a script pre processor to assist with loading 3rd party scripts, already supports Aria labels and a raft of other other stuff I’ll probably never need or use. It does do the one core thing I couldn’t get MiniCookie to do, which is show what had been enabled previous when you bring the Multi-Consent popup up.

It’s been tested with Foundry and Foundation, which kinda matters to me (Foundry / Alloy), and they said if I had any issues with that to let them know and they’d get it fixed vs. “I don’t make enough money off this stack to have to learn how other stacks work”.

So issue solved, and I can get back to finishing this site.

Tried your test project with Minicookie 2.2 and see what you were getting at. Just updated to Minicookie 2.3, and that issue seems to have been fixed as the checkmarks are present when the Delete button is pressed.

It’s not the way I would have done it, I’d have used the cookie display table instead to let users see what they have and what they want to delete.

Sorry to hear that things weren’t resolved and it ended not so well. However, glad that you’ve found an alternative that does what you need it to do :grinning:

Yeah, just checked it and it’s fixed now. Crying shame I lost days attempting to prove it was actually broke only to get blocked by Will in the process.

A few hours in with PrivacyStack at this point.

I’m finding there’s some difference to approaches between MiniCookie and PrivacyStack.

PrivacyStack breaks the various cookies (yours and 3rd party ones) into categories (you’re allowed six, including the “Strictly Necessary” category (although you can rename the categories however you’d like, and use as few or as many as you need).

You add the cookies to the stack as a list, and for each one assign it to which of the categories it falls under. When you bring up the consent manager you can not only show the categories similarly to what Multi Consent does but optionally list the actual cookies that are present under that category in an accordion type dropdown under the category and delete them right there if you wish, which is kind of handy.

I hadn’t opted to use MiniCookie’s table format, as a large % of the visitors to this site will be on phones to take advantage of the AR “show this product in my yard” stuff, and the table just doesn’t come off well on a small screen phone in portrait mode.

I was also needing to use Joe’s Agent to figure out what flavor of screen was present to use two different instances of the MiniCookie just to get the Multi-Select to display correctly on small phones in portrait.

Privacy Stack does the conditional display of content a bit differently, as the conditional test isn’t on the presence or absence of a given particular cookie by name, but rather the user allowing or disallowing one of the aforementioned cookie groups, and I can see where that would be handy in cases where a given option allowed may allow the display of content that MAY write a given cookie, but the content in question may or may not write a specific cookie consistently depending on what the user does in the iFrame.

This could result in some If -Then content display conditionals to not really have the correct value to work with as the cookie in question may not always beig written.

It’s a minor difference from an implementation approach standpoint but one that could head off some edge case issues before they surface, as we’re looking at it from “do I have the ok to show this stuff” vs. “I did show it but did the user do what they needed to do in the iFrame to force the write of a cookie I need to see to show it again” kinds of things.

The other difference I’ve found is once you define a cookie and categorized it in privacyStack, you can also optionally give it a text string to explain just what the hell it actually does, which will show up to the end user and allow them to make a more informed decision about whether to keep it or if they can safely nuke it. Not a big deal for site author defined cookies as I’d tend to think we’d all be picking self documenting names for them, but useful for the __ga__RDE856G1BC type crap that comes down the pike from Google and other 3rd party api written cookies.

You can also (optionally) define a “Vendor” field for a specific cookie that will show up in the table so the aforementioned squirrelly named google cookies could all show up in the table with “Google” under the vendor name. This Makes it easier for the end user to see the cookies that the site itself has written vs. stuff brought in by scripts and API’s. That bit was a nice touch and they put a bit of thought into that aspect.

It also has a icon you can put on screen to bring up the dialog whenever you’d like to make changes. I probably wouldn’t put it on a finished site (would do that from a text link in the footer or on the privacy policy page via button, but it’s proven handy so for for testing.

The UI presentation on the setup is a different approach as well. Rather than a super long never ending scroll to the bottom for every setting in the entire stack, it’s contextual. So if you’re working on the cookie consent aspect, it filters the parameter list to those that are applicable to that section, and the same goes with the privacy settings modal (the sort of hybrid Multi-Consent and cookie table rolled into one), the cookie list itself, ect. With nothing but the main stack selected you can set all the default colors / borders / styling stuff for the whole stack at a go, and the component stuff will inherit that unless you check a local override for that section.

One thing I’ve found that neither MiniCookie nor PrivacyStack (or any others from what I’ve seen) address very well is the sandbox development mode. Dunno about your folks but I don’t deploy anything to a domain enabled server until I’ve beat the crap out of it in a sandbox. As a result you can’t set this stuff up for secure cookies / real domain names etc during development as the just won’t work right.

It’d be nifty as hell to have a “development / deployment” option where you could define a your test domain (192.168.x.x or whatever your local test server is) and the real thing for deployment and have it keep track of the cookies that needed to be secure at deployment time and uncheck those for sandbox mode. It’d save a LOT of diving through the UI’s to change all that stuff and one less point of failure for when you do finally deploy for real.

Still getting my feet wet with all this stuff as I’ve been away from web development work for a really long time (last go rounds were all pre HTTPS and “responsive” wasn’t’ even in the vocabulary, let alone a thing if that gives you any clue. Heh. Old Phart’s 'R Us.

1 Like

This post was flagged by the community and is temporarily hidden.

FWIW, I’ve found @willwood to be very responsive and helpful - not to mention very patient, even when the issues I’ve had were 100% self-inflicted.

2 Likes

Lucky you! It appears some he has zero patience for.

This post was flagged by the community and is temporarily hidden.

2 Likes