Processwire Frontend Cookie Wire

[cwsoft]

Hello all,

is there a way to prevent the creation of the Processwire frontend Cookie wire until the user has confirmed/opt-in to allow technical required Cookies? Not too sure, if the wire Cookie is technical really required for PW to do it‘s job (show frontend stuff, remember layout etc.). In Germany it‘s still a bit fuzzy, what technical required means to a lawyer. So ideally there shouldn‘t be set any Cookie without opt-in by the frontend user, unless it is really technical required. 

Can anybody shine some light on this aspect? For what is the wire Cookie used in the frontend layer, or in other words technical required by the PW frontend? What parts - except admin/backend - of PW wouldn‘t work without that cookie?

Looking forward for some hints on that topic.

[flydev]

Hi,

this 

and this

 

If you want a short and clear preview of lawyers insight of a really big company (website hosted in United Kingdom), check the cookie policy of this Engie website:

https://www.fhc.co.uk/en/about/cookies-policy/

Edited June 4, 2023 by flydev
engie ref

[cwsoft]

@flydevThanks a lot. Exactly what I searched for. Will try to play around with those settings. Regarding lawyers. Interesting post, but stuff may differ in Germany. The lawyer of the company I am working for has a completely different view of what Cookies are technical required and what Cookies are not ?

Cheers.

[netcarver]

@zx80 Check out the $sessionAllow options in the config.php file.  The outline config.php in the wire/ directory documents all the options and outlines how to turn off guest-based session cookies using a callable. This isn't exactly what you asked about but might be a starting point.  I use this method to create a cookie-free public interface on the site I posted about the contact form before. No cookie banner because there are no cookies at all unless you are an admin and know where the admin interface is.

[cwsoft]

@netcarverThanks for your reply. Will most likely deactivate Cookies in frontend, unless you are in admin/backend, or the user checked the confirmation in the frontend form to use CSRF protection. Most likely in combination with a user consent module asking for permission. Your posts and links helped a lot to understand the background to get things done.

[cwsoft]

Hi,

have used the site/config.php $config->allowSession handler in combination with the PrivacyWire module to disable frontend cookies unless the user opt-in to accept technical required cookies for a booking form shown on my frontend w/o user login required. The booking form is not displayed and processed until user opt-in. Instead a message is shown that the booking form requires cookies to work. The other pages can be viewed but with the consent form displayed. 

Once the user opt-in, the PW wire cookie is created and the booking form can be used as normal. Don‘t know if that is really necessary, but that way should be ok with the lawyers out there in EU/Germany. 

P.S.: If Url contains backend path, sessions and cookies are enabled by default. Its just disabled for the frontend guest users by default.