SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× EU e-Privacy Directive needs your help!

A free extension like this survives only by reputation. You can help by submitting a review in the Joomla Extension Directory. Please take the time to make a review by clicking on the link below (opens in a new window)

extensions.joomla.org/write-review/review/add?extension_id=4850

Control registration/login depending on whether policy/cookies are accepted

More
2 weeks 5 days ago #4132 by athco
Hi,
Your plugin is excellent and thank you very much.
Yet, I need to take it a little bit further. Please, let me tell you about...
I need to deny registration/login to users that do not accept the site's data privacy and rules. I know I can make it work using a modal form, but I don't want to. In case a user denies policy/cookies he is accepted as guest ONLY, with limited features available to him/her. To be a full member, he/she must accept policy/cookies.
So, when a new user comes to the site, he is not registered (he is "GUEST") and he has not decided yet if he accepts or declines cookies/policy. Actually, he is NOT "ACCEPTED COOKIES" AND NOT "DECLINED COOKIES".
In this case, I need to prevent him from registering, that is to hide/disable the login module.
In case he declines, it's easy. Using your "DECLINED COOKIES" group I can hide/disable whatever I want.
In case he accepts, I must show/enable the registration/login module, so I need a "GUEST" AND "ACCEPTED COOKIES".
I really don't know if I can and/or how to to this...
Could you please help me?
Thank you very much in advance...

Please Log in or Create an account to join the conversation.

More
2 weeks 4 days ago #4135 by michael
Users can't register until they accept cookies because the registration form requires cookies. So, you're golden.

Please Log in or Create an account to join the conversation.

More
2 weeks 4 days ago - 2 weeks 4 days ago #4138 by athco
I guess you mean that hiding the login form with Accepted/Declined Cookies group I'm golden. Sorry, but I'm not!
There are not ONLY two groups (Accepted or Declined Cookies). There is a third one (Not Decided Yet). I need to separate them all three, because actually they have different permissions and privileges. That's (almost) all the fuzz about!
On the other hand, when Not Decided Yet, if registration/login is hidden the user doesn't realizes that actually there is a "site-behind-the-site" (only for registered ones), simply because he doesn't see any way he can become a member. Users MUST see the registration/login button, MUST know there is a registration/login process, but he is not entitled to this because he hasn't accepted cookies/policy yet. He wants to, he doesn't know how. Oh, don't tell me it is written in the policy in the cookies banner. Just tell me, what is the user percentage that actually reads more than 2 lines? And yes, I don't want to loose these users.
So finally, I need three states: Accepted Cookies, Declined Cookies, Not Decided Yet. The first two from your plugin work perfectly. Actually they are only one, but they 're OK.
Accepted Cookies: Registration/Login shown
Declined Cookies: Registration/Loginh hidden
Not Decided Yet: Registration/Login disabled style, tooltips, onclick messages/alerts that cookies/policy has not been accepted and the whole story why the user should accept cookies/policy, etc.
That's it...
Is it possible?
Thank you for your patience....
Last edit: 2 weeks 4 days ago by athco. Reason: Spelling

Please Log in or Create an account to join the conversation.

More
2 weeks 4 days ago #4141 by michael
There is no way to distinguish (on the server) if a user is declined or not decided. Without a cookie, the site only knows that there is not consent. The only time the server knows anything about a user is when they accept cookies. Devising a volatile storage method that complies with GDPR was hard enough, transmitting that data defeats the entire purpose of the plugin (compliance). Yes there is the possibility to decline specific cookies, but the session cookie is always allowed when a user accepts. The session cookie is what is required to log in, so it doesn't matter how many cookies you list, users still must accept cookies (even if they decline everything else in the list) in order to log in or register.

In the documentation I suggest hiding login and registration forms until users accept cookies. The declined cookies level offers you an option to display something else...maybe a "you need to accept cookies to login or register" message.

Please Log in or Create an account to join the conversation.

More
2 weeks 4 days ago #4143 by athco
Thank you very much for your prompt reply and thorough explanation.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Powered by Kunena Forum