javascriptcookiescookieconsent

JS - Cookie management


I made this little code using JS to disable cookies:

$(document).ready(function() {
  var cookie_settings = getCookie("cookie-settings"); //Main cookie which contains cookie preferences
  var cookie_selector = document.getElementById("cookie-selector"); //Modal for cookie selection
  var g_recaptcha = document.getElementById("cookie-g-recaptcha"); //Example checkbox cookie
  var g_tag_manager = document.getElementById("cookie-g-tag-manager"); //Example checkbox cookie
  var messenger_plugin = document.getElementById("cookie-fb-mccp"); //Example checkbox cookie
  var g_analytics = document.getElementById("cookie-g-analytics"); //Example checkbox cookie
  var cookie_set = document.getElementById("cookie-set"); //Button to save preferences
  if (cookie_settings == null) { //Check if main cookie exist
    $(cookie_selector).modal({
      backdrop: 'static',
      keyboard: false
    }); //If not exist, open cookie selector modal
  } else {
    var cookie_settings_raw_values = getCookie("cookie-settings"); //read and save main cookie in var
    var cookie_settings_values = cookie_settings_raw_values.split('&'); //save main cookie content in array
    if (cookie_settings_values.includes(g_recaptcha.id)) {
      //If array contains recaptcha example include it
      //for example append in head -> $('head').append('myscript');
    }
    if (cookie_settings_values.includes(g_tag_manager.id)) {
      //same
      //for example append in head -> $('head').append('myscript');
    }
    if (cookie_settings_values.includes(messenger_plugin.id)) {
      //same
      //for example append in head -> $('head').append('myscript');
    }
    if (cookie_settings_values.includes(g_analytics.id)) {
      //same
      //for example append in head -> $('head').append('myscript');
    }
    //or you can remove else condition and manage this part from php
  }
  $(cookie_set).click(function() { //on save preferences click
    var selected_cookies = [g_recaptcha.id, g_tag_manager.id]; //make array and include required cookies
    if (messenger_plugin.checked == true) {
      //if messenger plugin example checkbox is checked push it's reference in array
      selected_cookies.push(messenger_plugin.id);
    }
    if (g_analytics.checked == true) {
      //same for the other optional checkboxes
      selected_cookies.push(g_analytics.id);
    }
    var expiry_date = new Date();
    expiry_date.setMonth(expiry_date.getMonth() + 6); //expiration date 6 months in my case, you can set what you want
    document.cookie = document.cookie = "cookie-settings=" + selected_cookies.join('&') + "; expires=" + expiry_date.toGMTString(); //make main cookie with required and optional selected checkboxes (the deadline is 6 months after the creation of the cookie)
    location.reload(); //reload page
  });
  //get cookie by name
  function getCookie(name) {
    var document_cookie = document.cookie;
    var prefix = name + "=";
    var begin = document_cookie.indexOf("; " + prefix);
    if (begin == -1) {
      begin = document_cookie.indexOf(prefix);
      if (begin != 0) {
        return null;
      }
    } else {
      begin += 2;
      var end = document.cookie.indexOf(";", begin);
      if (end == -1) {
        end = document_cookie.length;
      }
    }
    return decodeURI(document_cookie.substring(begin + prefix.length, end));
  }
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>

My question is it enough to disable third-party cookies?

Not including the scripts if the user does not accept cookies, do the stored ones become useless? Does the site comply with the GDPR?

If not, do you have any other valid alternative to propose that is not the use of third party codes?


Solution

  • Most of the websites, which are trying to be GDPR compliant are not loading any of these scripts by default (as you probably do). First they show a popup, if a user wants to load e.g. tracking cookies and if the user agrees they will be loaded. The configured setting which services should be loaded / what the user has selected will then be stored either in a cookie or e.g. the localStorage.

    So yes, your site seems to be GDPR compliant when we take a look at the approach how you load the external scripts.