How does it work

As web developers we have to deal more and more with legal matters. We just want to code great stuff and now we have to interact with legal aspects in our work.  A little learning is a dangerous thing, we are still developer not lawyers. Our clients are just as insecure as we are - even lawyers don't know exactly where the journey is going. 

The presented module is an attempt to be prepared for all eventualities. 
Last week I was often in a bad mood, because the development didn't run smoothly. I learned a lot and now I'm an expert in dealing with cookies, the techniques behind them and the European regulations. If you're a developer, I'm sure you'll be surprised about some things in my code. Many external applications, mostly used for marketing or statistical purposes, should be included inside the template as Javascrcipt-Snippets. Most of these services work on the basis of cookies. The usage of Cookies requires the active consent of the user - says the judgement of the European Court of Justice. From now on it is about Opt-In instead of Opt-Out.

I very much hope that the current discussion will lead to the disappearance of Tracking-Cookies and that the use of technically necessary Session-Cookies will no longer have to be confirmed by annoying cookie banners. That would be better for everyone.


At the beginning I thought a System-Plugin could be the the best choice. I could step in to the "OnBeforeRender" event and to suppress the cookies before outputting them. With the session cookie this would have worked, because it is set very early in the rendering process. Long before the template is even parsed. But even that would have worked only to a limited extent. The documenting session table is filled even earlier. With every call of a new page Joomla would have noticed that there is no necessary Session-Cookie and would have filled the table again and again. I decided to let the Session-Cookies be Session-Cookies for now and turn to the real problems, the external Tracking-Cookies. Using a module seemed to me to be the most reasonable option.

Modules can be positioned everywhere within the HTML-Document inside the template. There are external applications and code snippets that want to be placed at the end of the HTML-Document, others at the beginning and others at the top of the page. Still others only want to be placed on certain result pages, e.g. after a form has been sent. ( Facebook pixel). Only a Joomla module meets these special requirements. 

So this module does nothing else than place the needed Javascript-Snippets (PHP - if required) inside the document after the user has given his consent. A Cookie is written to save this selection. If the user withdraws his consent, the cookie will be deleted and the code and its additional Cookies will removed from the HTML-Document. So far so good. And this is not always easy. And this is not always easy. A cookie must be deleted with its parameters it was created with.

We don't know exactly this with external Cookies. That is the reason why we have to go through all methods that are technically available to us. So with or without expiration date, with or without path, etc. This problem is compounded by browser incompatibilities.

This process must work reliably and robust for legal reasons. Therefore the cookies are deleted directly and visible for the user with Javascript (Vanilla), but on  serverside with PHP as well.

The developed module can be easily placed at any position inside templates. The external Code-Snippets can be configured in the backend. The associated cookie names are stored like a detailed description and the purpose of each Snippet.

Session-Cookie, User_State- and Language- Cookie are displayed as disabled - but can also set to invisible via configuration.

What still needs to be done?

  • Adding a parameter to choose between the usage of  VanillaJS -Modal or JHtml-Modal ??
  • Adding a parameter to disable  the Sessioncookies?????
  • Show the User-State Cookie as well?
  • Fixing the language strings
  • Fixing CSS-Issues
  • Code Clean-Up (tabs)
  • Testing