
Is there a fancy way to disable cookies until the user accepts them?

Following problem: I have a webshop which uses quite a lot of cookies, and in order to be GDPR compliant we need to “disable” cookies until the user has accepted them. I do not want to rewrite the whole shop system and therefore I am searching for a generic solution.

My approach is:

  • unset all set-cookie headers sent by our server (via nginx or php)

But there are still some problems:

  • how can I prevent external sites from setting cookies without completely removing them (Bing, Google, FB, ...)?
  • how can I prevent JavaScript from setting cookies without modifying all JavaScript sources (is it possible to override the browser functions so you can’t set cookies via JS)?

3 Answers


  1. Chosen as BEST ANSWER

    For disabling JS-Cookies you may use:

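    // Replace document.cookie with a no-op accessor: reads return '', writes are ignored.
    if (!document.__defineGetter__) {
        Object.defineProperty(document, 'cookie', {
            get: function () { return ''; },
            set: function () { return true; }
        });
    } else {
        // Legacy, non-standard accessor API
        document.__defineGetter__("cookie", function () { return ''; });
        document.__defineSetter__("cookie", function () {});
    }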
    

  2. If GDPR compliance is your concern, just removing cookies won’t be enough. You need to disable any tracking scripts collecting personally identifiable information (PII).

    I recommend moving all tracking scripts to Google Tag Manager, and using the methods outlined by Simo Ahava. Guide 1 and Guide 2. His methods don’t work great for tracking tags that aren’t Google, but with a custom trigger you can stop anything.

    That being said, if you do just want to remove cookies, this should do it.

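    function deleteCookies() {
        // Only clears cookies visible to JavaScript (not HttpOnly) that were set with path=/ on the current host.
        var theCookies = document.cookie.split(';');
        for (var i = 0; i < theCookies.length; i++) {
            var name = theCookies[i].split('=')[0].trim(); // drop the space left after each ';'
            if (!name) continue; // document.cookie was empty
            document.cookie = name + '=; path=/; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
        }
    }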
    
  3. My approach (not entirely an answer to your question, but perhaps an alternative to your question) is to tell the users that my site has cookies, and they have to ‘deal with it’ if they want to continue to use my site. Of course, this may not work for your site.

    I put a notice at the top (with code from https://cookieconsent.insites.com/ as a start), which will show on all pages until they accept (explicit consent from them).

    You could use a button to delete all cookies, but then you can’t use my site until you accept them again. But that protocol will keep me in compliance.

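The first answer's `document.cookie` override drops every write for good. As an added example (not code from any of the answers), the same hook can instead hold writes back until consent and then replay them, while letting strictly necessary cookies through. `gateCookies`, `allowName`, `acceptButton` and the `PHPSESSID` allow-list entry are assumptions made for illustration.

```javascript
// Added example; gateCookies, allowName and the returned methods are hypothetical names.
function findCookieDescriptor(doc) {
  // In browsers the native accessor lives on Document.prototype, so walk the chain.
  for (let o = doc; o; o = Object.getPrototypeOf(o)) {
    const d = Object.getOwnPropertyDescriptor(o, 'cookie');
    if (d && d.get && d.set) return d;
  }
  throw new Error('no cookie accessor found');
}

function gateCookies(doc, allowName) {
  const native = findCookieDescriptor(doc);
  const queued = [];
  let consent = false;
  const allowed = (s) => allowName(String(s).split('=')[0].trim());

  Object.defineProperty(doc, 'cookie', {
    configurable: true,
    get() {
      const all = native.get.call(doc);
      if (consent) return all;
      // Before consent, scripts only see the allow-listed (strictly necessary) cookies.
      return all.split(';').map((c) => c.trim())
        .filter((c) => c && allowed(c)).join('; ');
    },
    set(value) {
      if (consent || allowed(value)) native.set.call(doc, value);
      else queued.push(String(value)); // held back until the user decides
    },
  });

  return {
    grant() { // replay everything scripts tried to set while gated
      consent = true;
      queued.splice(0).forEach((v) => native.set.call(doc, v));
    },
    deny() { queued.length = 0; }, // drop the held writes
    pending: () => queued.slice(),
  };
}

// Browser usage (must run before any other script on the page):
//   const gate = gateCookies(document, (n) => n === 'PHPSESSID');
//   acceptButton.onclick = () => gate.grant();
```

This only gates `document.cookie` in the page's own window. `Set-Cookie` response headers, cookies set inside third-party iframes, and the Cookie Store API are not affected and still need the server-side and tag-blocking measures discussed above.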