jakobsrc created the topic: Cookies not removed at one of my ISPs and some other remarks
Hi Michael, I appreciate your GDPR extension, well done!!
I encountered a weird issue with it though.
All installs are with version 3.7.3 on a standard virgin Joomla! 3.8.7 with PHP7. No other extensions installed.
1. On one of my online test web sites hosted by a certain ISP, the plg_system_eprivacy cookie is not removed when I withdraw my permission (through the module). Instead the cookie refreshes upon each new page (the expiry time of the cookie is updated each time). Also the session cookie set by Joomla is not removed.
If I remove the eprivacy cookie manually, all the other cookies disappear with the next page refresh (this is the expected behaviour). When allowing cookies, all cookies are placed anew and everything is allright. When withdrawing my permission again, the eprivacy cookie is again not removed and the same story starts all over.
When I implement the same extension v3.7.3 on a standard Joomla 3.8.7 install AT A DIFFERENT HOSTING ISP, the problem is not there and everything works as expected.
Have you got an idea as to what ISP setup/rights/permissions may be different?
Next, I have the following remarks:
2. The logging of cookie permissions is done in the table #__plg_system_eprivacy_log. The IP field of this table only allows for 15 characters and can therefore not hold a complete IPv6 address. I have changed this field to VARCHAR(255).
3. The IPv6 addresses of users allowing cookies are recorded in the table #__plg_system_eprivacy_log without the colons ( : ). I believe this is not right.
4. Your IP retrieval code does not seem to be compatible with IPv6. I am attaching the PHP code that I use for grabbing the visitor's IP address and I am using it as a function in the ajax plugin file eprivacy.php.
Thank you again for your efforts to create this extension and best regards!
michael replied the topic: Cookies not removed at one of my ISPs and some other remarks
1. There is a new configuration requirement for some users. I've found that SOME ISPs run site configurations that don't play nice with e-Privacy. I found this by buying a hosting account with one of these ISPs so I could experience it first-hand. The particular host I knew would replicate this issue only sells hosting accounts on an annual basis - so it was an expensive bug to find.
The configuration to resolve that issue is to set the cookie domain in Joomla global configuration. Simply, make it the same as your canonical domain name. By default, Joomla precedes this with a "." (dot/period), so if you want it to behave like vanilla joomla, you can do that too. If you're running your site on
- your cookie domain can be any of: .
(the joomla default),
(restrictive), or .example.com (super non-restrictive) - If you don't have a particular reason to pick 2 or 3, go with 1.
2. Good call, I'll make that adjustment - but I'll go with a varchar length of 45 which accommodates ipv4, ipv6 and ipv6mapped addresses. It's for logging purposes only, so it should be fine, and backwards compatible.
3. I'll address that with the SQL changes
4. I wrote it in 2012, and IPv6 wasn't such a big deal then. I've written much better IPv6 tools, and I'll apply them.
Thanks for the constructive criticism and praise, I appreciate it! I'll start working on the 3.8.0 version soon, which will incorporate at least one new feature, similar (opposite) to the accepted cookies access level, users who have not accepted cookies will be part of a different access level - allowing you to display alternate modules for users who have not accepted cookies (taunting them to accept)