“Functional” cookie not recognized as such

  • Resolved bios4

    (@bios4)


    4 years, 2 months ago

    Hello!

    I am using Complianz in current version 4.7.1 with German localisation and have a problem defining a special cookie as a functional, i.e. necessary cookie.

    The cookie is not listed on cookiedatabase.org because it comes from a security plugin used on my website.

    Defining the cookie in question manually in the section “Used cookies” with the purpose of “functional” does not solve anything! As soon as you accept “functional cookies only” in the frontend, the cookie in question will be deleted.

    I have deactivated the synchronization with cookiedatabase.org for testing purposes, and I have already manually “hacked” the WordPress table “***_cmplz_cookies” to define the same settings for the cookie in question as for other, functional cookies where Complianz works correctly. Unfortunately without success – the cookie is deleted again and again as long as you do not select “accept all cookies” in the frontend.

    So therefore I ask for help here – what could be the reason?

    Unfortunately, remote access to the site is not possible because it is a staging environment that cannot be accessed via the internet.

    Thank you in advance for any advice!
    BR Mike

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi,

    Could you let me know which cookie and plugin? I will have a look at cookiedatabase.org and the plugin to see what we can do.

    regards Aert

    Thread Starter bios4

    (@bios4)

    Hi Aert,

    thanks for your reply.

    It is the cookie set by the “All In One WP Security & Firewall“-plugin, containing the information for the “rename login page URL” feature.

    This means as soon as the cookie is deleted, the login status of the user is gone, too. If this is not “functional”, what else is? ??

    The feature is described on their site as follows:
    Ability to hide admin login page. Rename your WordPress login page URL so that bots and hackers cannot access your real WordPress login URL. This feature allows you to change the default login page (wp-login.php) to something you configure.

    So the “name” of the cookie is highly customizable, because it reflects the “secret login page URL slug” the user selects. Thus I assume it will as good as never be recognized by the cookiedatabase.org API

    I hope that helps!??

    Additional info:

      I defined a (fictitious) “service” and assigned the cookie in question to it.
      The “purpose” of the cookie in question is set to “functional”.
      All parts of the Complianz-UI tell me that everything “should be fine” (meaning all cookies, services, etc. are marked with the green check sign).

    And one more question:
    Is it necessarily required that “show cookie in cookie policy” is checked for all functional cookies?
    Because it seems that the plugin does not properly work also when this checkmark is disabled for (a) certain cookie(s)…

    • This reply was modified 4 years, 2 months ago by bios4.
    • This reply was modified 4 years, 2 months ago by bios4.
    • This reply was modified 4 years, 2 months ago by Yui.
    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @bios4,

    I will try the functionality and get back to you. Complianz will not remove the cookie, as we don’t directly remove, enable or disable cookies, but do it a step earlier by intervening in the scripts itself.

    This would mean we block a script from All in One, which would be strange, as they are not targeted.

    There’s a difference between functional admin cookies, and functional cookies related to the front-end and your website visitors, but I don’t know exactly what is happening in your case.

    I will get back to you,

    regards Aert

    Thread Starter bios4

    (@bios4)

    Thank you @aahulsebos!

    I’m looking forward to hearing from you…

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Hi @bios4,

    As Aert says, Complianz does not delete cookies.

    If complianz blocks anything, this will show as a script in your websource with a class cmplz-script and text/plain.

    If you find such a script from your security plugin please post the script filename so we can check it.

    Another thing you can check: if complianz is causing the issue, activating “safe mode” in the settings will resolve it.

    The result of these checks will help us track down your issue.

    Hi, about that. How can I really know if complianz is really blocking the cookies?

    Thread Starter bios4

    (@bios4)

    Hi @rogierlankhorst,

    thanks for your reply, too.

    Unfortunately I could not find any occurence of “cmplz-script” in my site’s sourcecode, even tough Complianz is active (and was set to “accept functional cookies only”).

    I created some screenshots of the existing cookies and their values on my staging site before/after being logged-in and also before/after accepting each of the two options Complianz offers (all, only functional)…

    Please hava a look at them as follows:

    1) Not logged in, nothing selected yet in Complianz at all
    2) Not logged in, selected all cookies
    3) Not logged in, selected only functional cookies
    4) Logged in, nothing selected yet in Complianz az all
    5) Logged in, selected all cookies
    6) Logged in, selected only functional cookies

    The cookie obfuscated in orange color is the said cookie from All in One WP Security. This is “deleted” (by whoever!???) as soon as one selects “only functional cookies”. It remains available when “all cookies” are accepted (or no option is chosen yet).

    EDIT:
    Activating the “safe mode” did NOT change ANYTHING in said behaviour or above shown cookie settings…

    Any more hints?

    • This reply was modified 4 years, 2 months ago by bios4.
    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @crauser,

    Could you start a new thread, and maybe specify which cookie. Please share your URL as well, and I will explain how it works for that specific instance.

    regards Aert

    Plugin Author Rogier Lankhorst

    (@rogierlankhorst)

    Hi @bios4,

    We have been testing with this, you are right, the cookie was cleared by Complianz. I discovered that in for some situations the cookie, although not deleted, could be cleared.

    This is resolved in the latest github release:
    https://github.com/Really-Simple-Plugins/complianz-gdpr

    We will include this fix in the next release, which at the latest will be Monday.

    If you want to install the fix before that, you can update it from github.

    Let me know if you have any questions!

    Rogier

    Thread Starter bios4

    (@bios4)

    Hi @rogierlankhorst,

    thanks for the follow-up.

    I just updated my environment to the GitHub version and this seems to solve the problems! Anyway I will have to test this a bit more thorough after work*, but at a first glance this looks promising…

    Thanks for your efforts to solve my issue and finally for coming up with a bugfix in just a few days. Much appreciated!

    Best regards,
    Mike

    * I will update this thread and mark it as resolved as soon as I was able to have a closer look without distractions and everything turns out fine…

    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @bios4,

    Thanks:)

    regards Aert

    Thread Starter bios4

    (@bios4)

    So, I played a bit and the fix in the GitHub version seems to work properly…

    @aahulsebos / @rogierlankhorst I will mark this thread as resolved as soon as the new version incl. this fix is available on the official www.remarpro.com repository and the test of it proves that all is ok.

    Thanks a lot for your efforts!

    BR Mike

    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @bios4,

    Thanks for your feedback. The release will be soon,

    regards Aert

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘“Functional” cookie not recognized as such’ is closed to new replies.