Tracking cookies are small and usually completely harmless files that are created within a web browser and can be used to store data. Typical uses of cookies can include remembering what items somebody has added to a shopping cart, content display preferences, keeping a person logged-into a secure part of a website, passing keywords to a search page, recording contact form inputs between sessions or multilingual language selections (using a stack like RWML). Although sometimes frowned upon, the truth is that the modern internet would greatly struggle to function without the help of cookies. It is almost impossible to build any website that does not make use of cookies somewhere.

Some stacks exist already that can display warning messages about tracking cookies. But they are not all necessarily compliant with newer and more stricter privacy laws. The main issue stems from the fact they use client-side Javascript code; so they still allow potentially invasive scripts and other tracking to load in the background. CookieManager instead approaches the problem with a PHP server-side solution. It works by checking the web browser for the presence of a matching tracking cookie; and only then loads particular stacks, scripts or content on a page.

CookieManager can work in two main ways - it can either set / modify tracking cookies with a button press or it can look for existing cookies and conditionally load parts of the webpage accordingly. Therefore you can effortlessly quarantine stacks, content or scripting that a website user has not given their explicit consent to view or to be tracked through. This is a big part of conforming with new privacy legislation.

CookieManager plays really nicely with other stacks, like FloatingContent, Sticky, or Gateway. We strongly recommend you use CookieManager with one of these for creation of your initial popup message. Messages can be translated into any language using RWML. You can choose to style or word your message however you want; to give assurance to site users that you care about their privacy.

The premium MiniCookie stack is an upgrade over the free CookieManager stack offered for download here. MiniCookie was developed to include its own popup message functionality, styling of the RapidWeaver Privacy Popup, more style options for buttons and has an extended feature set.

If you need to block people from visiting a website until they have confirmed their age or verified acceptance to something, our VerifyStack is able to display a prominent popup window and set a tracking cookie for visitors who pass your verification test.

Example

Here is an example of three CookieManager stacks. One sets the cookie, another deletes the cookie. A third displays content, based on whether the cookie is set or not. Cookies are valid for 30 days, changeable in the stack settings.
 
No tracking cookie was found in your web browser!
Consent not provided by the website user. Until the 'set cookie' button is clicked above, we do not have consent from the user to use non-essential cookies or make use of scripts or outside services that might potentially take personal information.
 

Setup

Follow these instructions for getting CookieManager setup on your website:
  1. Once installed into Stacks and RapidWeaver, drag and drop a copy of CookieManager into your webpage
  2. Change the Setup Mode option, depending on whether you want to delete, set, get or modify visitor tracking cookies
  3. Configure options like the cookie name, value and expiration date
  4. If you are using CookieManager to delete, set or modify tracking cookies, you can customise the button shown to website users
  5. Save and publish your changes when done

The idea of the 'get' configuration is to quickly quarantine parts of your webpage that need to remain hidden until a user has given their consent to view or load that area of the page. A prime example would be to hide a Google® Map, until the website user has agreed to receiving data from Google®; and potentially the transmission of their IP address, location or other data back to Google®. This way, the website user has a lot more control over their privacy.

You can safely use multiple copies of CookieManager on the same page. They can all be configured to look for the same opt-in tracking cookie, which could be created using another CookieManager stack, or a stack like FloatingContent, Gateway, Sticky or VerifyStack.

CookieManager can be quickly setup as a 'partial' and added to multiple pages of a website. If using CookieManager to conditionally display or hide content in 'get' mode, remember to set your page extension to .php in the Page Inspector and delete older .html pages that may already be published at the same location. This is very important to do and should not be ignored. Changing a page to have a .php extension has zero effect on SEO and pages can continue to be previewed with RapidWeaver.

And don't forget that your RapidWeaver theme also needs to be GDPR compliant too! Themes often make use of fonts or libraries that might be coming from other locations. All the free and paid themes provided through ThemeFlood will be using 'local' versions of jQuery and other files before the 25th May 2018 GDPR deadline takes effect. The Stacks plugin can be configured to use local versions of jQuery and Font Awesome icons, in your plugin preferences. Using local versions of all these libraries can help simplify compliance.

Using CookieManager in combination with a popup stack

You would need to use a stack like FloatingContent, Gateway, Sticky or VerifyStack to display the popup message. These stack can either set a cookie when opt-in consent has been received from the user, or you can configure CookieManager within these stacks to set the opt-in cookie, when a user clicks the button.

Then it is a matter of matching-up the same cookie names and values in CookieManager throughout the rest of your website. For example if you gave a Gateway stack a cookie name of cookies_allowed, then you can reuse this cookie ID in CookieManager. Place code or content (like analytics, web video, maps, web fonts and other elements that transmit data) within the 'true' area of CookieManager. These will only be loaded if the user has granted their explicit consent.

The whole setup can be tested in RapidWeaver 7 and above, before you publish your website. Cookies can be viewed and deleted from within the browser developer console.
 

Contribute

If you find this stack element useful in your personal or commercial web projects; please consider making a small contribution towards ongoing support and updates. There are many different ways you can contribute to the Stacks4Stacks project, and benefits for doing so.