Every one knows that bringing a website online means to face some challenges to be compliant with the local law. Especially in Europe we face the changes that were introduced in 2018. This blog post is about the Liferay way to deal with cookies and I think it's worth to think about it.
To learn about the rules in Europe you could read this: Ultimate Guide to EU Cookie Laws.
It basically says that a website is NOT ALLOWED to place ANY cookie without the consent of the user!The only exception to this rule are cookies that are 'necessary' to offer the service at all.Plus: The user must be able to reject cookies permanently!
And in fact there are a lot of lawyers only waiting to find a page that is not compliant. That way they earn a log of money!
That said, if you inspect the cookies that Liferay places into the browser, you'll notice:Cookies for the Session (JSESSION), the guest language (GUEST_LANGUAGE_ID) and the ability to store cookies (COOKIE_SUPPORT) on every (guest) visit on the page. To argue that the latter two are 'necessary' is at least.... critical.
The cookies that Liferay sets when users logs in are less critical! Assumed that you get the user consent when registering on your portal.
I think that Liferay should support European users with this. GUEST_LANGUAGE and COOKIE_SUPPORT are the problem. If I overlooked a simple way to disable them, please let me know.
At first I was impressed that Liferay supports this out of the box. Just get your GA ID and paste it into the corresponding site setting. Liferay then injects the necessary script into every page.
But in Europe we can't use this. Because of the already mentioned law. GA places cookies and the service provider needs the consent of the user to do so.
And in that script you need to respect the decision of the user if he does not want you to place cookies!
If you suffer from the strict law over here as well (I'm not saying that the law is not useful... the opposite is the case...) then you may have a look on my current implementation for this.
Just go to www.indie-smarthome.com and have a look into the page source.
As always: If you have better solutions for the challenges that I faced: Don't hesitate to let me know via the comments!