Comments

Marcin Pajdzik’s picture

Yes, it is intentional. As it says on the pop-up: "By clicking any link on this page you are giving your consent..."

We could however make it optional and then the admin could decide if continuing browsing their website means that visitor automatically accept cookies. What do you reckon?

david.riches’s picture

Ah i see. Yeah that would be a nice option.

Marcin Pajdzik’s picture

Title: Cookie accepts when i don't click on the button » Accepting cookies by visitors who continue browsing the website should be an option rather than a feature
Category: bug » feature

Ok, changed to a feature request.

Marcin Pajdzik’s picture

Assigned: Unassigned » Marcin Pajdzik
midkemia’s picture

We could however make it optional and then the admin could decide if continuing browsing their website means that visitor automatically accept cookies. What do you reckon?

Would allowing a user to continue browsing without consent be contrary to the regulations if a cookie becomes set? Probably.

The original "By clicking any link on this page you are giving your consent..." Makes it clear that the user is giving their consent if they click a link.

joachim’s picture

> We could however make it optional and then the admin could decide if continuing browsing their website means that visitor automatically accept cookies.

How do you then handle that? AFAIK getting Drupal to not set any cookies at all is going to require some deep mangling of core.

Marcin Pajdzik’s picture

Status: Active » Postponed

Ok, I am postponing this one for now.

dagomar’s picture

Just wanted to add my 2 cents to the discussion:

from what I understand from the dutch implementation of this law (effective 1 July) this behavior will not be accepted. The law states that people have to explicitly give permission, so this unobtrusive method doesn't pass that qualification.

That being said, I want to compliment the efforts being made so far, kuddo's!

dagomar’s picture

I'm not sure if i'm messing up the issue cue here but i want to quickly post this idea as a reminder to myself, perhaps it's helpful;

I think in most cases the google analytics tracking code is what u need to ask permission for. So, google analytics module gives the possibility to put in custom code, why not do the check there (manually); something like this would work, right?:

if (Drupal.eu_cookie_compliance.hasAgreed()){
var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-xxxxxxx-xx"]);_gaq.push(["_trackPageview"]);(function() {var ga = document.createElement("script");ga.type = "text/javascript";ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0];s.parentNode.insertBefore(ga, s);})();
}

I didnt check but perhaps google analytics module provides a hook for the output in which case this module could encase any output from GA with the condition.

Marcin Pajdzik’s picture

Yes, this is how it can be used. I linked to your comment from the project page. Thanks.

SeaJay Designs’s picture

Could this please, at the very least, be made optional?

It's a brilliant little module but I'm not willing to use it on any live sites as I feel it's tricking the user into giving their consent.

I have a load of D7 sites that I'd love to use it on. So if you could add an option to disable the 'click on any link to give consent' feature I would be very grateful.

Thanks

nickbits’s picture

Status: Postponed » Needs review
FileSize
19.98 KB

Hi All,

I have create the required feature. It adds and extra checkbox in the admin area. Tick that box and clicking any link will assume the visitor has confirmed they are happy with cookies. Un-tick the box and the message will remain (i.e. un-acknowledged) until they click the button in the box.

I have not had time to create a patch, will do so later.

Nick

Marcin Pajdzik’s picture

Hi Nick, that's brilliant. We are all busy with this cookie law and hence any help is much appreciated and any input that goes into the module will be properly attributed. If you have the time to create a patch later on, I will add it to the next release.

cheers,
Marcin

nickbits’s picture

Hi All,

Have attached a patch file for the 6.x dev branch. It works on mine, or appears to, on my test server. If you go to the admin settings for the module you should see a new checkbox appear. Putting a tick in it will mean that a visitor clicking any link is okaying the cookies, which is the current action. Leave the tick out and you specifically have to click yes to allow cookies.

The code has not been thoroughly test, would appreciate others checking it and giving feedback. If all is okay, can I suggest committing it to the project?

Final comment, do not use on production machines, test it!

Regards,
Nick

nickbits’s picture

Reply to #13 - No problem, not too worried about credit. The faster we can get this Cookie thing sorted the better. Outside the scope of this, but probably something that needs to get into the core of 8.x.

midkemia’s picture

Assuming this is implimented, the default setting should not affect current installations, by requiring the user to make chamges to settings during module update. As it places a risk that it may be missed. Automated change would be acceptable.

The default setting should be set to assume that clicking a link has confirmed they are happy with cookies.
This would probably be the safest option as if a user continues to browse, drupal may place further cookies on their computer, which is contrary to regulations. Neither option is good, but this is probably least bad.

nickbits’s picture

Reply to #16 - good point, will change it so box is checked by default. Won't be until morning, will put another patch file up when done. I am reading suggestions that UK has relaxed the legislation and that implied concent, I.e. a pop up and then clicking any link will be okay. Just so vague... Anyway, will make required change and upload in the morning...

Nick

midkemia’s picture

Have a look at www.channel4.com , they have a banner like this module, though it does not dissapear on link clicking (as you suggest). I must say their wording might give visitors the wrong impression of cookies on all websites.

I really wonder in the long run which will be the more serious breach.
Allowing a visitor to continue browsing a site having not accepted, but still placing cookies
or
Automatically accepting if they do decide to continue browsing

I spoke with the ICO a few times of late and picked up on a few things, many smaller sites, for example family sites on shared hosting, may not even know of the requirement. Then there are those like us, who are looking for guidance from the big sites (aka steal ideas), many who have done nothing. Basically we need to show we are doing something, to avoid the fines, and just get a notice.

In reality the Internet v0.1 users will probably just accept as the have no real idea of what it all means!

One thing I did pick up, which starts to make the whole thing a joke is , in a case like my site, I have a few pages in non English (book synopsis). As people could land on them from Google, I should according to the ICO provide cookie info in that language, a language I do not know and can not read !

Another thing to consider is setting a P3P policy for the website.

nickbits’s picture

Reply to #18, all good points, head over to the general forums and you will see a lot more comments along these lines.

Reply to #16, I have attempted to have the checkbox on by default. At present with the patch above it works, leave the box empty and save and it is fine. Put a tick in the box, save and it works. I attempted to have the tick on by default by changing, in eu_cookie_compliance.admin.inc, the line:

'#default_value' => ($popup_settings['clicking_confirmation']) ? $popup_settings['clicking_confirmation'] : 0,

to

'#default_value' => ($popup_settings['clicking_confirmation']) ? $popup_settings['clicking_confirmation'] : 1,

The strange thing is that it doesn't work, the tick is there all the time. Take the tick out, save and it remains ticked. Obviously I am missing something, anyone care to point out what I have done wrong? I have also tried using checked="checked" but get the same.

Regards,
Nick

Marcin Pajdzik’s picture

May I ask you what your view is on this one: http://drupal.org/node/1593568 ?

joachim’s picture

Status: Needs review » Needs work
+++ b/eu_cookie_compliance.admin.inc
@@ -26,6 +26,13 @@ function eu_cookie_compliance_admin_form($form_state) {
+    '#description' => t('Tick this box if you want clicking any link to also assume the user accepts the cookie policy. Please edit text box below adding/removing *** By clicking any link on this page you are giving your consent for us to set cookies. *** as required.'),

No need to say 'Tick this box' in UI help text; it's redundant.

> Leave the tick out and you specifically have to click yes to allow cookies

How are you accomplishing that?
What happens with this setting off if the user does click a link? How do you prevent Drupal from setting any cookies whatsoever?

nickbits’s picture

Reply to #21...

We wanted the tick to be there by default as that is the current action of the module. Thus having the tick by default means that people upgrading a drupal site that are already using this module will not see any change in behavior. That is why we wanted the tick by default.

As for how we are doing it, please see the code.

With the tick off, then the "has user agreed" JS variable/setting will not return true and the pop-up will continue to appear.

As for "How do you prevent Drupal from setting any cookies whatsoever?" that is beyond the scope of this module. You may want to look at the no_anon module.

nickbits’s picture

Hi All,

Believe this is it. Patch against drupal 6.x-dev branch. At present this is what happens:

1. New checkbox appears on admin - checked by default which means that clicking any link will assume the visitor accepts the cookie policy.

2. take the tick out, any the visitor has to specifically click the "Yes" button to accept the policy. That pop-up will appear on every page, so it is a little more intrusive, UI wise, but until we have clear cut guidelines, probably the safest method to use.

As per the module description, nothing else happens, it is up to you to add the rel. code to you theme/module to set your cookies.

Please test and give constructive feedback...Let us know if it works as intended on your system, if it does we can get it committed to the module.

Nick

joachim’s picture

> We wanted the tick to be there by default as that is the current action of the module. Thus having the tick by default means that people upgrading a drupal site that are already using this module will not see any change in behavior. That is why we wanted the tick by default.

My point isn't about the default behaviour of this form element, but about the UI text. Text such as 'tick this' or 'select this' is redundant.

nickbits’s picture

Reply to #24, okay, fine, text is changed any way. More worried about getting it working at this point, but point noted.

nickbits’s picture

Status: Needs work » Needs review
Marcin Pajdzik’s picture

Status: Needs review » Needs work

Hi Nick,

Thanks for the code. It works as expected.

The only problem is that if I upgrade the module the additional variable is not set and hence giving consent by clicking is disabled until you go to the admin form and submit it. I added an extra line that checks if the additional variable is set and if it is not I assume it is TRUE. That should solve the problem.

The patch is now committed to the 6.x-1.x branch.

nickbits’s picture

Status: Needs work » Closed (fixed)

Hi Marcin,

Excellent, sorry, so many things going on I never thought of double checking that. Anyway, always glad to help. Since this has now solved the original issue, will close this issue.

Nick

achton’s picture

Status: Closed (fixed) » Active

I must admit, I don't see the point of this feature being optional. If a user continues to use the site without accepting the policy, the cookies are sent, right? So your site would (probably) not be following the directive.

If the "Consent by clicking"-option is disabled, would it not be better to intercept all clicks on the page until the policy has been accepted? Possibly adding a greyish overlay to the site until then?

If the option is enabled, current functionality should suffice.

Marcin Pajdzik’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev

I must admit, I don't see the point of this feature being optional. If a user continues to use the site without accepting the policy, the cookies are sent, right? So your site would (probably) not be following the directive.

Sites may want to block cookies in other modules so although this module does not block cokies, we do not assume that cookies are sent.

This feature has to be ported to 7.x-1.x

achton’s picture

We can easily assume that cookies are sent. Even if we consider only core itself, there are session cookies being set, as well as has_js (unless you are using Pressflow) and contact form cookies, AFAIR. Using EUCC without enabling this option is misleading the users (at best).

We should reconsider the behavior of the module so that it adheres to the directive regardless of which options are enabled.

But that may be for another issue.

Marty2081’s picture

Status: Active » Needs review
FileSize
5.09 KB

I had already made the same functional change on the 7.x-dev branch (with different naming though). I found this issue afterwards.

Here is my patch.

[EDIT] Forget this patch, it contains an error. See #33 for a new patch.

Marty2081’s picture

Patch with error corrected:

SpadXIII’s picture

Just applied patch #33 (to the latest release; 1.8), and it seems to work fine. Thanks!

Marty2081’s picture

Well, it's actually a patch on the dev version, but nice to know that it also works on the 1.8 release :)

Marty2081’s picture

I found out that the previous patch file in #33 does not apply to the current dev version anymore, so I rerolled it. See attached patch file.

[EDIT] Forget this patch, it also contains a change to open the more information page in the same window instead of in a new window . See #37 for a new patch.

Marty2081’s picture

And a new patch without the "new window to same window" change.

Marty2081’s picture

I don't know what is wrong with me today, but the patch in #37 misses the JS changes. So this is the final patch file for today. Sorry for polluting the thread (I cannot find an option to remove comments or wrong patch files):

philipz’s picture

#38 did not apply for me anymore. Here's a patch after applying manually.

Rob C’s picture

#39 works great, my next feature request would be to add somekind of custom effect (fadeout/scroll to top/whipe/whatever) + timeout, but this patch already made my day :) Thanks! Patched 7.x-1.8.

Marcin Pajdzik’s picture

Status: Needs review » Closed (fixed)
kikko’s picture

Issue summary: View changes

Just for completeness: in Italy, the law says that you accept the cookies clicking on the button or just scrolling the website page. So the setting of the EU Cookie Compliance module is perfect for our legislation. Thanks.
The perfection of the module (for an italian) can be to make disappear the pop up at the scrolling of the page. But I appreciate very much what you have done. Thanks