Privacy implications?
-
Hi,
I was considering switching to Age Gate as my old age verification plugin seems to have been abandoned by the developer. However, I have an important question: Are entered birth dates or ages stored anywhere? I assume the plugin takes the birth date and uses it to check the age against the preset value, but are either the date or the calculated age (hashed or otherwise) stored in a cookie, in the database, and/or as a query string added to the URL?
Since these questions implicate privacy laws (date of birth is potentially personally identifying information by most standards), I would need to explain in my privacy policy how the entered values are stored (if at all) and where. Could you clarify? (This might be a good subject for the FAQ.)
Thanks!
-
I think we’ve talked about this before, but happy to give an overview here as it’s useful for you and anyone else finding the topic.
No information is stored by the plugin long term except in a couple of cases (remember me, or if using the additional user registration plugin which has the option to).
When a user passes the test, their age (not DoB) is stored in a cookie. I would argue this isn’t personally identifiable but that is only in the context of the plugin as any given site may hold other user data that then makes age more identifiable. There’s a good post by the people who made Contact Form 7 about plugins and GDPR compliance, but I digress.
The age is stored as Age Gate has the option to set different ages on different content.
There are essentially two options to not store the user’s (correct) age.
- Use Yes/No buttons. This adds the required age to the cookie, not the user’s actual age. This option allows you to still have different ages for different content. The user would be rechallenged when looking at a page/post with an older requirement.
- The second option is to use Anonymous Age Gate which was added in 2.0.4. This will set the cookie to just 1 if passed. The knock-on effect here is you can’t use variable ages, but if you don’t need that then this is the best option. This setting is in the Advanced settings for the plugin.
Definitely a good call for an FAQ topic for that, I’ll add it in the next release.
Cheers
Phil
Thanks! I appreciate the comprehensive answer.
Oh, you bring up a closely related question: If the user clicks “Remember me,” the age or value is still just stored in the cookie, right?
What are the cookie durations for the plugin?
Yes it is. Remember me just sets the same cookie for longer – by default it expires at the end of the session.
The length of time “remember me” lasts is up to the site admin. The default on install is 365 days but it could be anything you wanted it to be.
Displaying the remember me is also optional so can just be disabled if you don’t want them to do that.
Of course as above, options 1 and 2 still apply with the remembered age.
Thanks
Phil
Okay, so I could, for example, set the anonymous option to make the cookie value pass/fail and set the remember me duration to a week or 14 days? That’s great.
Two other questions: What are the names of the validation cookies used? (I can figure this out through testing, but it would be helpful for the FAQ.)
Second, does the anonymous mode work with user registration? That is, can I require that new users complete age validation upon registration, but then just record “yes/passed” rather than storing their ages or birth dates in the database?
The cookie is called age_gate. In some scenarios a second cookie is set called age_gate_failed which just holds a 1 value. This is used when the “Rechallenge” option is set to off and allows returning users who have failed the test to not get the option to try again. That expires at the end of the session.
For user registration, it will always check the user’s DoB rather than use a yes/no but it doesn’t store that information anywhere unless you set it to in the settings. Storing it would be useful in say a shop where you want to check their age but not recheck for existing customers.
Hope that helps
Ta
Phil
So, if Rechallenge is OFF and the verification fails, it sets age_gate_failed so they can’t try again? If Rechallenge is ON and verification fails, does it just not place the age_gate cookie?
With user registration, do the settings allow you to control WHAT is saved? For instance, can it be set to save the user’s actual age instead of their DOB? (That might be preferable from a privacy standpoint, since DOB is probably the more sensitive information and more valuable to a hacker or identity thief.)
If a new user fails the validation check when trying to register, I assume the plugin causes the registration to fail, is that right? So, if I have only one age requirement across the board, there wouldn’t be any need to save the DOB/age for users, since they wouldn’t be able to register at all if they aren’t at least that age.
(Sorry for all these questions — the recent spate of privacy laws is making it important to sweat these minor details! I really appreciate your taking the time to spell it out, and I wish more developers would do the same so I didn’t have to try to piece it together through experimentation.)
After poking around the settings a bit more, let me reframe the previous question like this:
Does checking “Ignore logged in” automatically cause new users to be prompted to enter their dates of birth upon registration? Or does that require a different setting I’m not seeing, or separate plugin or add-on?
If checking “Ignore logged in” does prompt new users to enter their DOB, is that information automatically stored in the database, or is there a further option to control that retention? If the DOB is stored, where is it stored in the database?
I know there’s a couple of other topics, but let’s sort this one initially;
Registration is handled by an additional plugin, but it extends the main age gate one. It shares some functionality but has its own options. Age Gate (other than the cookies we’ve mentioned) will never store data unless an admin or developer tells it to – including in the registration. Under registering, any data entered is discarded as soon as the checks have been done, whether they pass or fail (unless an admin or developer has done otherwise).
As for the “Ignore logged in”, it simply checks if a user is logged into the site and if they are, doesn’t challenge their age. It doesn’t do any checks for them, ever (unless they log out).
Most of the settings are documented here, though there may be a couple of new ones that haven’t found their way into the docs yet, something I need to review.
Okay, if registration is handled by the separate plugin, that shouldn’t be an issue. (I’m just concerned about accidentally storing DOBs in the database without realizing I’m doing so!) Thanks for clarifying!
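For the privacy-policy write-up discussed in this thread, one way to confirm what a site actually sets is to classify the Set-Cookie headers it returns. This is an added example, not part of the thread or the plugin's own code; it assumes the cookie values are plain numbers as described above, and the function names, policy limit and sample headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Cookie names as given in the thread; value meanings follow the replies above.
AGE_GATE_COOKIES = ("age_gate", "age_gate_failed")


def classify(name, value):
    """Say what kind of data a cookie value represents."""
    if name == "age_gate_failed":
        return "failure flag"
    if value == "1":
        return "pass flag"      # Anonymous Age Gate
    if value.isdigit():
        return "age"            # user's age, or required age with Yes/No buttons
    return "unrecognised"       # assumption (plain number) broken: inspect by hand


def lifetime_days(morsel, now):
    """Return None for a session cookie, else the lifetime in days."""
    if morsel["max-age"]:
        return int(morsel["max-age"]) / 86400
    if morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
        return (expires - now).total_seconds() / 86400
    return None


def audit(set_cookie_headers, now=None):
    """Summarise every Age Gate cookie found in a list of Set-Cookie values."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name in AGE_GATE_COOKIES:
                findings.append({"cookie": name,
                                 "stores": classify(name, morsel.value),
                                 "days": lifetime_days(morsel, now)})
    return findings


def exceeds_policy(findings, max_days, allow_age=False):
    """List cookies that keep an age, or persist longer than the policy says."""
    return [f["cookie"] + "=" + f["stores"] for f in findings
            if (f["stores"] == "age" and not allow_age)
            or (f["days"] is not None and f["days"] > max_days)]


# Constructed sample headers (not captured from a real site).
SAMPLE = ["age_gate=34; Max-Age=31536000; Path=/",
          "age_gate=1; Expires=Tue, 31 Dec 2024 00:00:00 GMT; Path=/",
          "age_gate_failed=1; Path=/"]
```

A numeric value alone cannot distinguish a user's real age from the required age written by the Yes/No buttons, so an "age" finding still needs a check of which input mode the site uses.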