Support » Plugin: GDPR Cookie Compliance » Issue with Firefox

Viewing 15 replies - 1 through 15 (of 19 total)
  • Plugin Author Moove Agency

    (@mooveagency)

    Hi @tabano78

    Thanks for using our plugins.

    1) Are you using the latest version of our plugin(s)?
    2) Can you please provide your website URL so that we can check?

    Hope this helps.
    Thanks

    tabano78

    (@tabano78)

    https://web259.s156.goserver.host/
    (Don’t worry about this URL and all the dots. I have tested it in other domains, too and got the same issue. Just used this URL because it’s a blank and fresh installation)

    1) I have installed a new and blank WordPress
    2) Did the WordPress and theme (twenty twenty) update
    3) Installed latest version of Matomo in a subdomain (analytics.web259.s156.goserver.host/
    4) Installed latest version of your plugin
    5) Checked that Firefox is the latest version

    In other browser it is working, but not in Firefox.

    You asked for information
    I delivered the information
    Without any solution you set the issue to solved

    Is this the way you are dealing with issues? Are this your guidelines?

    I can confirm this issue but the support here is ignoring it.

    When I dig into it, I see that the Matomo cookie will not be deleted in Firefox while the Google Analytics cookie will be.
    The difference with both is, that the browser developer tools shows that the Google cookie runs under the domain “.mydomain.com” while the Matomo cookie runs under “matomo.mydomain.com”

    Plugin Author Moove Agency

    (@mooveagency)

    Hi @check2020de

    If the Matomo cookie is not stored under the same domain/subdomain as the site that our plugin is running on, our plugin can’t delete that cookie (it’s a standard browser security feature).

    Hope this helps.
    Thanks

    You tell me you can’t delete the cookie because the cookie is runing under a sub-domain of the same domain like your plugin is running?

    Why is it working in all other browser, but not in Firefox?

    Ok, here is what happens in Firefox:

    1) Given consens and the non-essential matomo cookies (subdomain.mydomain.com) are set through your plugin
    2) Consent is declined through your plugin, the value of the moove_gdpr_popup cookie is changing from […]advanced%22%3A%221%22%7D to […]advanced%22%3A%220%22%7D but the matomo cookies will not be deleted
    3) Given consent back to the non-essential cookies through your plugin and the matomo cookies will be deleted as well as all others (also this ones which are not set through the non-essential section in your plugin)!!!

    So your plugin can delete the cookies of the subdomain, but not at the time it should be. Also your plugin is deleting other cookies which are not placed through your plugin!

    Plugin Author Moove Agency

    (@mooveagency)

    Hi there,

    Thanks for using our plugins.

    The cookies in Firefox are removed completely, however, the cookie list is not updated by browser. You can read more about the issue here: https://support.mozilla.org/bm/questions/1241225

    Our GDPR plugin has an advanced cookie removal tool, using two functions:
    1. JavaScript variable, run trough all your cookies stored in your domain and remove it by setting up an expiration date
    2. PHP removal function, using both $_COOKIE and $_SERVER[‘HTTP_COOKIE’] variables

    The matomo cookies are also removed, but these are still visible in Firefox as the script are misusing the recommended “sameSite“ attribute for cookies created. You can contact matomo support for guidance.

    In Firefox you can see the following error for matomo cookies: “Cookie “_pk_id.1.7367” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite”

    You can type the following console command to your firefox console app: document.cookie.split("; ");, it will list all the cookies. Please paste it before you accept the cookies, you can see an array including all the cookies. Repeat after the cookies are disabled by GDPR plugin, and you should get an empty array.

    Hope this makes sense.

    Thanks! Will check this also with Matomo

    Do I get it right, if the user re-ject the consent you delete all cookies, not only this ones set through your plugin?

    Just checked the sameSite attribute of the _pk cookies. They are set to lax, not to none!

    Plugin Author Moove Agency

    (@mooveagency)

    Correct, if the user reject the consent, all the cookies will be deleted. And after that, the scripts will be inserted again based on the user preferences, and these scripts will re-create the necessary cookies.

    You can test in your browser using the “document.cookie.split(“; “);” command the functionality.

    Please note, our plugin manage the 3rd party scripts, if the script is not inserted, the tracking it doesn’t work even if the cookies are not fully removed.

    Thanks

    Correct me if I’m wrong.

    Your plugin has 2 sections where I can place code to set cookies and the user can switch on and of one or both of this section.
    So your plugin should only delete this cookies of the section the user switched of. NEVER the plugin should delete cookies not set by your plugin!

    Ihave cookies which are essential. This are set outside your plugin and MUST NOTbe deleted by your plugin.

    Plugin Author Moove Agency

    (@mooveagency)

    Our plugin deletes all cookies stored under the same domain. This is the only way that we can support cookie removal function – how else should our plugin know which cookies were created by scripts inserted into our plugin and which were created in other ways?

    If this is not how you want your cookies to work on your site, please choose another cookie plugin.

    Looks like I need to use another plugin

    At the moment a cookie is set through “section 1” of your plugin there must be an information stored that this is done through “section 1”. Then only “section 1” cookies should be deleted.

Viewing 15 replies - 1 through 15 (of 19 total)
  • You must be logged in to reply to this topic.