Accepting cookies by visitors who continue browsing the website should be an option rather than a feature

Yes, it is intentional. As it says on the pop-up: "By clicking any link on this page you are giving your consent..."

We could however make it optional and then the admin could decide if continuing browsing their website means that visitor automatically accept cookies. What do you reckon?

Ok, changed to a feature request.

> We could however make it optional and then the admin could decide if continuing browsing their website means that visitor automatically accept cookies.

How do you then handle that? AFAIK getting Drupal to not set any cookies at all is going to require some deep mangling of core.

Ok, I am postponing this one for now.

Just wanted to add my 2 cents to the discussion:

from what I understand from the dutch implementation of this law (effective 1 July) this behavior will not be accepted. The law states that people have to explicitly give permission, so this unobtrusive method doesn't pass that qualification.

That being said, I want to compliment the efforts being made so far, kuddo's!

I'm not sure if i'm messing up the issue cue here but i want to quickly post this idea as a reminder to myself, perhaps it's helpful;

I think in most cases the google analytics tracking code is what u need to ask permission for. So, google analytics module gives the possibility to put in custom code, why not do the check there (manually); something like this would work, right?:

if (Drupal.eu_cookie_compliance.hasAgreed()){
var _gaq = _gaq || [];_gaq.push(["_setAccount", "UA-xxxxxxx-xx"]);_gaq.push(["_trackPageview"]);(function() {var ga = document.createElement("script");ga.type = "text/javascript";ga.async = true;ga.src = ("https:" == document.location.protocol ? "https://ssl" : "http://www") + ".google-analytics.com/ga.js";var s = document.getElementsByTagName("script")[0];s.parentNode.insertBefore(ga, s);})();
}

I didnt check but perhaps google analytics module provides a hook for the output in which case this module could encase any output from GA with the condition.

Yes, this is how it can be used. I linked to your comment from the project page. Thanks.

Could this please, at the very least, be made optional?

It's a brilliant little module but I'm not willing to use it on any live sites as I feel it's tricking the user into giving their consent.

I have a load of D7 sites that I'd love to use it on. So if you could add an option to disable the 'click on any link to give consent' feature I would be very grateful.

Thanks

Hi All,

I have create the required feature. It adds and extra checkbox in the admin area. Tick that box and clicking any link will assume the visitor has confirmed they are happy with cookies. Un-tick the box and the message will remain (i.e. un-acknowledged) until they click the button in the box.

I have not had time to create a patch, will do so later.

Nick

Hi Nick, that's brilliant. We are all busy with this cookie law and hence any help is much appreciated and any input that goes into the module will be properly attributed. If you have the time to create a patch later on, I will add it to the next release.

cheers,
Marcin

Hi All,

Have attached a patch file for the 6.x dev branch. It works on mine, or appears to, on my test server. If you go to the admin settings for the module you should see a new checkbox appear. Putting a tick in it will mean that a visitor clicking any link is okaying the cookies, which is the current action. Leave the tick out and you specifically have to click yes to allow cookies.

The code has not been thoroughly test, would appreciate others checking it and giving feedback. If all is okay, can I suggest committing it to the project?

Final comment, do not use on production machines, test it!

Regards,
Nick

Reply to #13 - No problem, not too worried about credit. The faster we can get this Cookie thing sorted the better. Outside the scope of this, but probably something that needs to get into the core of 8.x.

Reply to #16 - good point, will change it so box is checked by default. Won't be until morning, will put another patch file up when done. I am reading suggestions that UK has relaxed the legislation and that implied concent, I.e. a pop up and then clicking any link will be okay. Just so vague... Anyway, will make required change and upload in the morning...

Nick

Reply to #18, all good points, head over to the general forums and you will see a lot more comments along these lines.

Reply to #16, I have attempted to have the checkbox on by default. At present with the patch above it works, leave the box empty and save and it is fine. Put a tick in the box, save and it works. I attempted to have the tick on by default by changing, in eu_cookie_compliance.admin.inc, the line:

'#default_value' => ($popup_settings['clicking_confirmation']) ? $popup_settings['clicking_confirmation'] : 0,

to

'#default_value' => ($popup_settings['clicking_confirmation']) ? $popup_settings['clicking_confirmation'] : 1,

The strange thing is that it doesn't work, the tick is there all the time. Take the tick out, save and it remains ticked. Obviously I am missing something, anyone care to point out what I have done wrong? I have also tried using checked="checked" but get the same.

Regards,
Nick

May I ask you what your view is on this one: http://drupal.org/node/1593568 ?

+++ b/eu_cookie_compliance.admin.inc
@@ -26,6 +26,13 @@ function eu_cookie_compliance_admin_form($form_state) {
+    '#description' => t('Tick this box if you want clicking any link to also assume the user accepts the cookie policy. Please edit text box below adding/removing *** By clicking any link on this page you are giving your consent for us to set cookies. *** as required.'),

No need to say 'Tick this box' in UI help text; it's redundant.

> Leave the tick out and you specifically have to click yes to allow cookies

How are you accomplishing that?
What happens with this setting off if the user does click a link? How do you prevent Drupal from setting any cookies whatsoever?

Reply to #21...

We wanted the tick to be there by default as that is the current action of the module. Thus having the tick by default means that people upgrading a drupal site that are already using this module will not see any change in behavior. That is why we wanted the tick by default.

As for how we are doing it, please see the code.

With the tick off, then the "has user agreed" JS variable/setting will not return true and the pop-up will continue to appear.

As for "How do you prevent Drupal from setting any cookies whatsoever?" that is beyond the scope of this module. You may want to look at the no_anon module.

Hi All,

Believe this is it. Patch against drupal 6.x-dev branch. At present this is what happens:

1. New checkbox appears on admin - checked by default which means that clicking any link will assume the visitor accepts the cookie policy.

2. take the tick out, any the visitor has to specifically click the "Yes" button to accept the policy. That pop-up will appear on every page, so it is a little more intrusive, UI wise, but until we have clear cut guidelines, probably the safest method to use.

As per the module description, nothing else happens, it is up to you to add the rel. code to you theme/module to set your cookies.

Please test and give constructive feedback...Let us know if it works as intended on your system, if it does we can get it committed to the module.

Nick

> We wanted the tick to be there by default as that is the current action of the module. Thus having the tick by default means that people upgrading a drupal site that are already using this module will not see any change in behavior. That is why we wanted the tick by default.

My point isn't about the default behaviour of this form element, but about the UI text. Text such as 'tick this' or 'select this' is redundant.

Reply to #24, okay, fine, text is changed any way. More worried about getting it working at this point, but point noted.

Hi Nick,

Thanks for the code. It works as expected.

The only problem is that if I upgrade the module the additional variable is not set and hence giving consent by clicking is disabled until you go to the admin form and submit it. I added an extra line that checks if the additional variable is set and if it is not I assume it is TRUE. That should solve the problem.

The patch is now committed to the 6.x-1.x branch.

Hi Marcin,

Excellent, sorry, so many things going on I never thought of double checking that. Anyway, always glad to help. Since this has now solved the original issue, will close this issue.

Nick

I must admit, I don't see the point of this feature being optional. If a user continues to use the site without accepting the policy, the cookies are sent, right? So your site would (probably) not be following the directive.

If the "Consent by clicking"-option is disabled, would it not be better to intercept all clicks on the page until the policy has been accepted? Possibly adding a greyish overlay to the site until then?

If the option is enabled, current functionality should suffice.

I must admit, I don't see the point of this feature being optional. If a user continues to use the site without accepting the policy, the cookies are sent, right? So your site would (probably) not be following the directive.

Sites may want to block cookies in other modules so although this module does not block cokies, we do not assume that cookies are sent.

This feature has to be ported to 7.x-1.x

We can easily assume that cookies are sent. Even if we consider only core itself, there are session cookies being set, as well as has_js (unless you are using Pressflow) and contact form cookies, AFAIR. Using EUCC without enabling this option is misleading the users (at best).

We should reconsider the behavior of the module so that it adheres to the directive regardless of which options are enabled.

But that may be for another issue.

I had already made the same functional change on the 7.x-dev branch (with different naming though). I found this issue afterwards.

Here is my patch.

[EDIT] Forget this patch, it contains an error. See #33 for a new patch.

Patch with error corrected:

Just applied patch #33 (to the latest release; 1.8), and it seems to work fine. Thanks!

Well, it's actually a patch on the dev version, but nice to know that it also works on the 1.8 release :)

I found out that the previous patch file in #33 does not apply to the current dev version anymore, so I rerolled it. See attached patch file.

[EDIT] Forget this patch, it also contains a change to open the more information page in the same window instead of in a new window . See #37 for a new patch.

And a new patch without the "new window to same window" change.

I don't know what is wrong with me today, but the patch in #37 misses the JS changes. So this is the final patch file for today. Sorry for polluting the thread (I cannot find an option to remove comments or wrong patch files):

#38 did not apply for me anymore. Here's a patch after applying manually.

#39 works great, my next feature request would be to add somekind of custom effect (fadeout/scroll to top/whipe/whatever) + timeout, but this patch already made my day :) Thanks! Patched 7.x-1.8.

https://drupal.org/node/2071319

Just for completeness: in Italy, the law says that you accept the cookies clicking on the button or just scrolling the website page. So the setting of the EU Cookie Compliance module is perfect for our legislation. Thanks.
The perfection of the module (for an italian) can be to make disappear the pop up at the scrolling of the page. But I appreciate very much what you have done. Thanks