Do not set a language cookie at all, or provide option to disable cookies (8 posts)

  1. Otto Kekäläinen
    Posted 3 years ago #

    Polylang seems to set to every visitors the cookie
    wordpress_polylang (value is language code).

    This is bad practice for several reasons:

    • this cookie is sent along every single http request the visitors browser make, adding for extra traffic
    • this cookies burst caches in vain

    I particular the latter point is a big issue. When any proxies or caches in the server end or in closer to the visitor tires to cache some of the files transferred over http, these cookies stop it from happening. Even though the cache and expire headers are OK, the mere presence of cookies makes proxies assume that the content varies from visitor to visitor who have different values in the cookies, thus nothing is actually cached.

    Please consider alternative ways to do what you do. I think the best practice is to have unique urls for each language, like example.com/page, example.com/de/page, example.com/fr/page etc. I you want to automatically show the correct language to the user, you should do an auto-redirect to the correct url when the user opens the site for the first time (no referrer detected).

    If the language relies on a cookie, how is for example Google supposed to index all language versions? Using good url would solve it too.


  2. Chouby
    Plugin Author

    Posted 3 years ago #

    I believe you misunderstood the use of the Polylang cookie. The language relies on cookie only when it is not possible to set it in a different way (for example the login page).

    For the vast majority of pages, the language relies either on the content (if you chose this option in settings) or the url (for archives or if you chose to add the language code to all urls in settings).

    Moreover, the cookie is set only one time for each visitor (or when he decides to browse another language).

    Finally, if you test other multilingual plugins (WPML, qTranslate), you will see that they are using a cookie too.

  3. Ov3rfly
    Posted 2 years ago #

    FYI: WPLM plugin does not set a cookie (any more) in current version if it is used with nice permalinks like /en/ etc.

    WordPress itself also does not set any cookie, not even the test cookie (besides the WordPress Meta Widget is visible) in normal front end.

    +1 for a Otto Kekäläinen suggestion.

    Would add an additional check in line 348 of /polylang/include/core.php for a user-configurable option before the setcookie(PLL_COOKIE, ..) call. Polylang appears to work fine also without that pll_language cookie, if language is supplied in URL.

    Possible small patch:

    core.php, line 348, old:

    if (!headers_sent() && (!isset($_COOKIE[PLL_COOKIE]) || $_COOKIE[PLL_COOKIE] != $this->curlang->slug))

    core.php, line 348, new:

    if (!headers_sent() && (!isset($_COOKIE[PLL_COOKIE]) || $_COOKIE[PLL_COOKIE] != $this->curlang->slug) && PLL_COOKIE !== false)

    With the new check the cookie can be disabled via define('PLL_COOKIE', false); in wp-config.php

    See also

  4. Chouby
    Plugin Author

    Posted 2 years ago #

    I cannot test the latest version of WPML as I am not a customer ;-)

    Polylang *is* compliant with EU cookie law (it's important for me as I am European). Just took this quote in the link you provide:

    Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies used to keep track of a user’s input when filling online forms or as a shopping card, also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.

    However I will apply your patch in the next version (1.0.2) ... although you must be aware that some functionnalities will break.

  5. Ov3rfly
    Posted 2 years ago #

    Thanks for the quote, but my customers usually do not understand any tech speak so they go for a "no cookies at all" frontend "just to be safe"...

    I cannot test the latest version of WPML as I am not a customer ;-)

    I can, as one customer of mine uses it, but I am looking for an alternative and it looks like your Polylang could be one.

    I am well aware of the unavailable functionalities, that's why I suggested a "low level" switch in wp-config.php instead of a "normal user" option in plugin settings. Still, maybe you can add a short explaining note below plugin settings if the patch is used.

  6. Ov3rfly
    Posted 2 years ago #

    FYI: WPLM plugin does not set a cookie (any more) in current version if it is used with nice permalinks like /en/ etc.

    Was wrong about this, for my customers WPML site I had added a 3rd party no-cookie patch found in WPML forum which WPML wanted to add in 2.6.2 but it's still missing in latest, so WPML users have to add this patch by hand to avoid the front end cookie.

  7. Chouby
    Plugin Author

    Posted 2 years ago #

    Your proposal is now in the development version.

  8. Ov3rfly
    Posted 2 years ago #

    Works as expected, thanks for quick response.

    And as also suggested, maybe you can add a short explaining note or link to documentation below plugin settings if the PLL_COOKIE=false feature is used. Something like "Expert settings used, more details here..." or similar.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Polylang
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic