Compliance Web

Cookies — properly managed by bootScore

/ by Karsten Reincke | Leave a comment

Dis­play­ing an appro­pri­ate cook­ie dia­log is one thing. Giv­ing it a real mean­ing is anoth­er. Because ask­ing per­mis­sion alone is not enough. We also need to eval­u­ate the respons­es: We must only store those cook­ies on our read­er’s com­put­ers they — or the law — have con­sent­ed to. A JavaScript func­tion that imple­ments this require­ment sets the seman­tics of the cook­ie dia­log. Based on such a func­tion, we use prop­er­ly man­aged cook­ies.

The plu­g­in bs-cook­ie-set­tings itself only pro­vides us with the cook­ie query. How to acti­vate this, I had already described in a pre­vi­ous post. How­ev­er, the bootScore devel­op­ers leave the imple­men­ta­tion of the cor­re­spond­ing seman­tics to the respec­tive web design­er. Here is a vari­ant that can be freely reused:

[ en | de ]

Solution

  • Down­load the JS cook­ie library from cdnpkg.com (or wher­ev­er) and place it (unpacked) under the name js/js.cookie.min.js into your child-theme fold­er.
  • In your file functions.php extend the func­tion bootscore_child_enqueue_styles() by the line
wp_enqueue_script('js-cookie',get_stylesheet_directory_uri().'/js/js-cookie-min.js', false, '', true););
  • Expand the file js/custom.js of your child theme in the fol­low­ing man­ner:
jQuery(function ($) {

  $(document).ready(function(){
    const bsCookieSettings='bs_cookie_settings';
    const analytics = 'analytics';
    const advertising = 'advertising';
    const analyticDemoCookie='bsAnalyticCookie';
    const advertisingDemoCookie='bsAdvertisingCookie';
    const necessaryDemoCookie='bsNecessaryCookie';
    const demoCookieValue='demo-cookie';

    // alert("adding cookie writing algorithm");
    const bsv=Cookies.get(bsCookieSettings);
    if (bsv) {
      const allowedCookies=JSON.parse(bsv);
      // alert(allowedCookies.level);

      if (allowedCookies.level.includes(analytics)) {
        // alert("writing analytic cookies");
        if (!(Cookies.get(analyticDemoCookie))) { 
          Cookies.set(analyticDemoCookie, demoCookieValue, { expires: 100, path: '/' });
        };
      };
      if (allowedCookies.level.includes(advertising)) { 
        // alert("writing advertising cookies"); 
        if (!(Cookies.get(advertisingDemoCookie))) { 
          Cookies.set(advertisingDemoCookie, demoCookieValue, { expires: 10, path: '/' });
        };
      };
      // alert("writing necessary cookies"); 
      if (!(Cookies.get(necessaryDemoCookie))) { 
        Cookies.set(necessaryDemoCookie, demoCookieValue, { expires: 14, path: '/' });
      };
    };
  });

  // Do your other stuff here

}); // jQuery End

Background

We could set and eval­u­ate cook­ies with native JavaScript. Nev­er­the­less, it’s eas­i­er with ready-made libraries. Word­Press already brings jQuery with it. For using that, bootScore offers us a way to add cus­tom JavaScript/jQuery func­tions to our bootScore child theme.

There used to be a real jQuery-Cook­ie-Plu­g­in for cook­ie man­age­ment. This has since been archived and migrat­ed to an inde­pen­dent js-cook­ie-JavaScript library. To use that, we must down­load it and place it into the JavaScript fold­er of our child theme — under the name js/js.cookie.min.js. As described above, we also must enforce the func­tion bootscore_child_enqueue_styles() of our file functions.php to load that library.

Even­tu­al­ly, we should imple­ment an algo­rithm for eval­u­at­ing the cook­ie set­tings by expand­ing the file js/custom.js. That algo­rithm should work like this:

  • First, we try to read the cook­ie bootScore-Cook­ie-plu­g­in stores under the name bs_cookie_settings.
  • If it does­n’t exist yet, our read­er has­n’t agreed to use cook­ies. So we are not allowed to write any yet.1
  • Once our read­er has ‘con­firmed’ the cook­ie dia­log to what­ev­er extent, the bs cook­ie plu­g­in stores the cook­ie bs_cookie_settings. Its val­ue con­tains a JSON object:
{  "level": 
    [   "necessary",
        "analytics",
        "advertising"
    ],
    "revision":0,
    "data":null,
    "rfc_cookie":false
}
  • Thus, we must parse that JSON object before we can — on the JavaScript lev­el — access the list of allowed cook­ie groups via allowedCookies.level and use the method includes of a list object to query which of the cook­ie groups nec­es­sary, ana­lyt­ics, and /or adver­tis­ing our read­er has allowed us to write.
  • And for each allowed group we now may write the cor­re­spond­ing cook­ies.2

And a last hint: JavaScript mod­i­fies pages dynam­i­cal­ly. But the cache stores the respec­tive results. Thus, some­times it’s help­ful if we delete the cache for get­ting the results of our mod­i­fi­ca­tions run.

And how does this …

… sup­port our migra­tion to bootScore? Well, besides her nor­mal design work, the web-design­er must deal with some legal require­ments, as — for exam­ple — those of the DSGVO pri­va­cy, of hav­ing a cook­ie con­sent dia­log and the respec­tive seman­tic, of hav­ing a data pri­va­cy page, an imprint, an image ref­er­ence page, and a FOSS com­pli­ance page. This post shall sup­port you to man­age your legal issues.

  1. Yes, for­mal­ly we may write the tech­ni­cal­ly nec­es­sary cook­ies with­out our read­er’s con­sent. But before we do that, we must inform her that we are going to do so. And the only way to con­vince our­selves that she has indeed read it is to wait for the writ­ten cook­ie. []
  2. where­by we refer to the legal per­mis­sion for the tech­ni­cal­ly nec­es­sary cook­ies []
To top