Does WPConsent support server-side WP Consent API?
-
Does WPConsent support server-side WP Consent API?
wp_has_consent()returns true pre-consentEnvironment:
- WPConsent (Cookies Banner & Privacy Suite): 1.1.7
- WP Consent API: 2.0.1
- Consent model: opt-in
- WordPress, PHP 7.3+
I’m trying to gate cookies server-side (PHP) using the WP Consent API while WPConsent is active in opt-in mode, and the server-side consent check reports consent as granted before the visitor has accepted anything.
On a fresh visit with no consent given:
wp_get_consent_type()returns “” (empty)wp_has_consent('marketing')returns true- No wp_consent_marketing cookie exists at all
Client-side, everything looks correct on the same page load: window.wp_consent_type is “optin” and the JS wp_has_consent(‘marketing’) returns false before consent. It’s only the server side where the type is empty and consent comes back as granted.
How to reproduce — drop this into a plugin or the theme’s functions.php:
add_action( 'wp_footer', function () {printf('<script>console.log("CONSENT_DEBUG", %s);</script>',wp_json_encode( array('wp_get_consent_type' => function_exists( 'wp_get_consent_type' ) ? wp_get_consent_type() : 'missing','wp_has_consent_marketing' => function_exists( 'wp_has_consent' ) ? wp_has_consent( 'marketing' ) : 'missing','wp_consent_marketing_cookie' => isset( $_COOKIE['wp_consent_marketing'] ) ? $_COOKIE['wp_consent_marketing'] : null,) ));} );Load the site in a fresh incognito window (no consent given) and check the console.
Observed output:
CONSENT_DEBUG { "wp_get_consent_type": "", "wp_has_consent_marketing": true, "wp_consent_marketing_cookie": null }Expected (opt-in, before consent):
wp_get_consent_type = "optin"wp_has_consent(...) = falseWhy this matters: any plugin that sets cookies in PHP and checks wp_has_consent() before doing so will set them before consent, because the API reports consent as granted. WPConsent’s client-side script blocking can’t stop cookies that PHP sets during the request, so they end up loading before consent.
Questions:
- With WPConsent active, why does wp_get_consent_type() return empty in PHP? Should it not report optin server-side the way it does client-side?
- Because the type is empty, wp_has_consent(‘marketing’) returns true before the visitor consents. Is server-side wp_has_consent() meant to be usable with WPConsent, or is consent enforced client-side only?
- If server-side is supported, is there a setting we’re missing to make wp_get_consent_type() / wp_has_consent() reflect consent state in PHP?
Thanks for any clarification!
You must be logged in to reply to this topic.