Cookies are not blocked, what could be the reason?

Created on: Thursday, 03 May 2018 00:00

If you look in the Firefox or Chrome inspector tools, cookies will still be shown. This is normal and can't be prevented when cookies are removed only on the client side.

By default, cookies are blocked by JavaScript code after the page has loaded, so the browser tools will continue to show them in the cookie tab. If you check them by running the command 'console.log(document.cookie)' in the browser console, however, no cookies will be reported. Online services such as Cookiebot commonly still report cookies even when they are blocked client-side, and claim that the website is not compliant. This mainly happens because these services cannot reproduce the behavior of a browser and its scripts, so this kind of report is not fully reliable.

Moreover, the Joomla session cookie is blocked both server-side and client-side. Although it is still present and randomly shown in the browser console when the page is reloaded, it is blocked by PHP before it is used and deleted by JavaScript after the page loads. To double-check that the Joomla session cookie is correctly blocked, try to log in: the login must fail. You can also execute the command 'console.log(document.cookie)' or simply type 'document.cookie' in the browser console, and the result must be an empty cookie string "".
Obviously, a cookie audit tool will continue to see that cookie even if it is blocked server-side. The Joomla session cookie, by the way, is a strictly technical cookie that would not even need to be blocked.

If you want to enforce the cookie block so that it also covers third-party cookies and blocks all local cookies server-side as well, you can enable the following settings. If local cookies are blocked server-side, the server sends no cookies, so the browser no longer reports any cookie in the cookie tab.
If you choose to block third-party cookies as well, you must manage the list of domains so that it matches every domain used on your website that generates cookies and that you want to block.
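
One way to check the server-side block from the response headers, as an added example that is not part of the GDPR plugin or of the original page: the functions below classify Set-Cookie header values copied from the inspector's Network tab. The sample headers and all function names are constructed for illustration.

```javascript
// Constructed sample: Set-Cookie values as copied from the inspector's
// Network tab. Names and values are made up for illustration.
const sampleHeaders = [
  "3f2a9c=abc123; path=/; HttpOnly",
  "_ga=GA1.2.111.222; Expires=Wed, 01 Jan 2098 00:00:00 GMT; Path=/",
  "tracker=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
  "pref=; Max-Age=0; Path=/",
];

// Split one Set-Cookie value into the cookie name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf("=");
    attrs[(i < 0 ? attr : attr.slice(0, i)).toLowerCase()] =
      i < 0 ? true : attr.slice(i + 1);
  }
  return { name: eq < 0 ? pair : pair.slice(0, eq), attrs };
}

// Report, per header, whether the server stores or expires the cookie.
function auditSetCookie(headers, now = Date.now()) {
  return headers.map((header) => {
    const { name, attrs } = parseSetCookie(header);
    // Only an integer Max-Age is valid; anything else is ignored.
    const maxAge = /^-?\d+$/.test(attrs["max-age"]) ? Number(attrs["max-age"]) : NaN;
    const expires = Date.parse(attrs.expires);
    // Max-Age takes precedence over Expires when both are present.
    const expired = !Number.isNaN(maxAge)
      ? maxAge <= 0
      : !Number.isNaN(expires) && expires <= now;
    return {
      name,
      status: expired ? "expired-by-server" : "set-by-server",
      // HttpOnly cookies are never listed by document.cookie.
      scriptVisible: !expired && !("httponly" in attrs),
    };
  });
}

// True when the response stores no cookie, i.e. the server-side block holds.
function serverSideBlockActive(headers) {
  return auditSetCookie(headers).every((c) => c.status !== "set-by-server");
}

console.log(auditSetCookie(sampleHeaders), serverSideBlockActive(sampleHeaders));
```

A cookie reported as "set-by-server" with scriptVisible false will not show up in 'document.cookie', so the response headers are the place to confirm it.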

If you want to block a resource such as the Google Analytics tracking code that is added by a Joomla! system plugin, pay attention to the ordering of plugins because the execution order of system plugins matters. In order to allow the GDPR system plugin to block that resource, the GDPR plugin must be ordered AFTER the plugin adding that resource.