Cookie compliance

  • Resolved esspeedee

    (@esspeedee)


    6 years, 3 months ago

    Hi,
    I note that the WPAS plugin sets a cookie immediately when visiting a site, called _wpas_session.
    From a compliance perspective, I would rather not have the cookie set until the visitor has actively consented.

    Being an intermediate level dev, I’ve been researching a method to control the placing of this cookie. I am happy code something, but I am kinda assuming that this would already have been addressed for GDPR.

    I tried a test using the sample code at https://developer.getawesomesupport.com/documentation/hooks-and-filters/wpas_initiate_session_flag/
    but that filter doesn’t seem to stop the cookie from being set. The available documentation doesn’t actually say it would, so I may have the incorrect filter.

    Anyway, I an assuming there is already a proven method for controlling this cookie (given GDPR). But I cannot locate anything.

    I’d be very grateful for any guidance on how to control the setting of this cookie.
    Thank you all.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Yeison Baron

    (@yeisonbp)

    6 years, 3 months ago

    Hi @esspeedee,

    This link might be useful for what you’re looking for:

    https://getawesomesupport.com/documentation/awesome-support/cookies/

    Regards.

    Thread Starter esspeedee

    (@esspeedee)

    6 years, 3 months ago

    Hello @yeisonbp,
    Thanks for that link. I had already seen that one, but it sadly does not help too much.

    The BIG issue for this plugin (in relation to GDPR and cookie compliance) is that it drops a cookie immediately, and without consent. Being able to delete a set cookie is not the same as not setting it.
    I think cookie compliance is going to be the next big headache for EU websites.

    The wpas documentation provides a number of API calls that (would appear to) prevent the session being established. However that cookie still places. So either the API is unclear or faulty of the cookie will be set even though no session is established. Why, I don’t know. I was hoping for some answers from wpas but nothing is forthcoming. Not very awesome 🙂

    My long-term solution, therefore, is to drop this plugin and find something else that works better.

    In case anyone is interested, I have coded sort of a fix, using a cookie bar acceptance plugin. What happens is this:
    1) The visitor lands on a welcome page, and wpas drops its session cookie.
    2) If there IS a compliance cookie set, then I expose the wpas “[tickets]” as usual.
    3) If there is NOT a compliance cookie, I delete the wpas session cookie, and hide the wpas “[tickets]”.

    The result is that the visitor has to accept cookie compliance before they get to the wpas tickets, and no cookie is evident.

    The only “gotcha” is that the wpas cookie is set, but immediately removed. This means that the solution is not entirely GDPR compliant because the cookie is actually set albeit only for a fraction of a second.
    But the solution works, for the moment.

    I hope this approach might help others.

    Thanks again for the response and link. Much appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Cookie compliance’ is closed to new replies.

Tags