Cookie consent handling in CP

Interesting discussion about cookie consent is going on Advanced WordPress FB group: https://www.facebook.com/groups/advancedwp/permalink/2652382964823901

One thought is relevant to CP, as a business-focused CRM: “I think WordPress core should have a way to deal with this [cookie consent] and set a framework for plugin and theme developers to work with cookies and all the GDPR rules”.

Not sure, it is a right idea, didn’t have a clear vision yet how it should be done. So, I am starting a discussion about cookies handling in CP here. Is it a real problem and how it can be addressed?

3 Likes

AFAIK CP (nor WP 4.9.x, for the matter) DOES NOT set cookies by itself. At least not in the frontend.

Cookies are being stored when you login - else, no reliable login authentification is possible. But that is purely restricted to the administrative part of CP / WP.

Of corpse, if you use something like a shop system, and want any kind of working cart functionality, cookies are a fixed requirement. The same goes for any kind of frontend dashboard / functionality with logins, eg. user-group based educational systems, like LearnDash or Thrive Apprentice, to name just two of them.
Essentially anything that requires any kind of saving data within the frontend has to rely on the usage of some kind of browser session or storage functionality. That may not necessarly be cookies, the other option, which eg. WooCommerce uses for saving its cart data for offline usage, is the HTML5 Local Storage (for an overview, see eg. https://www.html5rocks.com/en/tutorials/offline/storage/).

cu, w0lf.

2 Likes

Easier said than done - in order to work properly this would require all plugins to use this scheme. Not to mention custom code like third-party spywareanalytics whose behavior can be rather difficult to control at this level…

2 Likes

This is why I didn’t have a vision how it should be done. But I see a potential GDPR problem at the same time.

1 Like

A centralized way for handling cookies would be nice.
But even if plugins uses this scheme it should handle lot of things… just as example…:

  • cookie grouping by intent (session, functional, analytics…)
  • users preferences (not only for logged in ones)
  • inform the plugin about their cookie status (a plugin that can not work without cookies has to deal with)
  • display a basic cookie consent
  • fire cookies if consent is given

It could be a developer-catcher function.

But if I have to choose where that big amount of time has to be spent, I’ll prefer a centralized management of PWA-related stuff, like service-worker.

1 Like