CookiePolicyManager

This script helps you manage the requirements of EU cookie regulations, while enabling you to provide a good user experience. It enables:

  1. Saving and retrieving information about the user’s choice (info is saved locally using localStorage or… a cookie).
  2. Detecting user navigation to a second page, which counts as implicit consent provided you have shown a notice to the user.
  3. Executing one or several functions (callbacks) when the user consents to tracking cookies, or on page load if consent was already given and recorded.

This script does not provide a user interface, such as a cookie “banner”. You will have to build your own UI, and write a JS script for basic features such as showing or hiding the UI, adding event listeners to buttons, etc. If that looks intimidating, you can look at our demo for inspiration.

Read more about the legal side: gov.uk guide and CNIL guide (in French).

Usage

These examples use native JavaScript (and DOM) methods, but you can convert to jQuery-based code if you like it better. Basic usage of CookiePolicyManager might look like this:

var cookiepm = CookiePolicyManager({ navigation: true });

// Hide the banner on user agreement (or immediately)
cookiepm.action(function(){
    document.querySelector('.CookieNotice').setAttribute('hidden', '');
});

This only hides the banner when we detect a second page navigation (and on page views after that). If you want to provide a button for closing the banner (and registering the user choice), you will need to add an event listener:

document.querySelector('.CookieNotice button').addEventListener('click', function(){
    cookiepm.update('explicit', 'close button');
});

You can register additional actions:

cookiepm.action(function(){
    // For instance: copy Google Analytics code here,
    // to only use Analytics AFTER implicit or explicit
    // user agreement. (It’s a legal requirement!)
});

What if you want to give users a way to opt out? Let’s say that you have a “Legal notice” or “Privacy policy” page, and you want to create a button for denying tracking there:

var denyButton = document.querySelector('#refuse-cookies');
denyButton && denyButton.addEventListener('click', function(){
    cookiepm.update('deny', 'deny-button');
});

Want to see a different example? Look at our demo’s script.

Options and methods

The CookiePolicyManager function takes an optional object of configuration with the following options:

And it returns an object with these methods:

FAQ (Nobody asked these yet but they might!)

Like any HTML content, it can be rendered by the browser before your script has the chance to hide it. This means it can flash briefly or even be displayed for one or two seconds in some situations. You could make sure the banner is hidden by default, e.g. using the hidden attribute.

<aside class="CookieNotice" hidden></aside>

And then remove the hidden attribute if the cookiepm.status().allowed property is false. See the demo script for an example of that behavior.

I’m calling update() but my banner is still there

Are you calling CookiePolicyManager().update('explicit', 'something')?

Every time you call CookiePolicyManager(), you get a new object with its own action queue. So the code in the previous paragraph will save the provided information in localStorage (good), but it will execute an empty action queue.

If you need to use CookiePolicyManager from several scripts, add to its action queue, etc., you should create one instance and expose it globally:

// cookie-policy.js
window.myCPM = CookiePolicyManager(options);

// marketing-automation.js
myCPM.action(function(){ /* do something */ });

Safari in Private Browsing doesn’t detect page views

In Private Browsing mode, Safari (on iOS at least) doesn’t allow access to localStorage or sessionStorage. We can store the user choice in a cookie, but detecting the navigation relies on sessionStorage, so it’s disabled.

So this solution relies on JavaScript?

Yep. This shouldn’t be an issue because all tracking, analytics etc. tools targetted by the EU regulations tend to be JavaScript-only, too, so if a user has disabled JS your probably respect EU regulations already. Note that session cookies, authentification cookies and shopping cart cookies are always valid and require no consent.