Cookies.... disclose or don't disclose

I wanted to check with all the web devers… As the python videos have discouraged me, I’m taking a break, and decided to do a few of the take home projects to hone my skills. Doing the weather app project, and am thinking to use a cookie to cache previously searched locations, and display them along the top as clickable buttons, so they will be there when the page is reloaded.

The documentation for document.cookie looks pretty straight forward, but my questions is about the legal need to disclose… If I’m reading correctly, if I’m just saving information about the page, and not personal info and am not sharing with third partys and stuff, I don’t have to have one of those cookie disclosures you’re seeing on every other page these days. Is that correct? Anybody doing a lot of cookie stuff?

Thanks in advanced… if anyones curious below is the codepen for the weather site… its a rough draft… just focused on general layout and functionality, haven’t put any real effort into making it pretty yet.

Well, got the cookies implemented so that it saves tabs of cities you search, but still curious if anyone with experience using cookies knows if I’d need to disclose, or is it only if I’m using and sharing more personal data.

I honestly don’t know and I think a lot of companies leave the compliance check to a legal team.

The type of cookie you are talking about might fall under a preferences cookie (needs consent it seems) and not a strictly necessary cookie. I would imagine that you can do some fingerprinting with such a cookie so that might also be part of the consideration.

Maybe just use localStorage instead?

In any case, I doubt it matters much for such a Codepen project.

Isn’t a cookie stored on their local machine, and therefore unless I send, share, or store it on my end, I’m not collecting their info??? I did notice there are options that allow my cookie to be viewed by other sites the user visits… but I think by default its set to lax, meaning only codepen can read the cookie, and nobody else. I’ll have to check with my legal team, haha.

I think the point is that you could collect their data. “Just trust me, I won’t do it” isn’t good enough for the GDPR.

Just read the law.

Good read, thanks for the link. I like the saving tabs at the top, and sounds like I’m not technically in violation, but I guess adding the radar at the bottom gets to take a back seat to a footer cookie warning with an option to decline, and a boolean on my saveTabs() function :slight_smile:

I don’t actually know enough about this to give you proper advice, so “not legal advice, not a lawyer”.

I think the iframe the pen is loaded into also makes it a third-party cookie. If you just go to the page and enter document.cookie in the console you won’t see your cookie, but if you change the context to the iframe you will see it (just right-click and inspect the page). If you visit the page in Chrome in a private window it will block the cookie which it does for third-party cookies. Not sure if it’s just technically a third-party cookie or if it actually counts as one in practice.

Haha, thanks… I didn’t know localStorage was a thing (I thought you meant just storing it on the c drive or something)… looking into localStorage it seems implementing that instead would be a better solution. It was definitely fun learning about cookies, but seems those are more sinister than just storing a value in someones browser… which is what I thought cookies were in the first place.

Plus, seems in codepen, the domain for the cookie isn’t the same depending on if you’re in full view, editing or what not… my weather app restores a different set of tabs depending on if I’m editing it, or if I’m doing full view, or even linking from a bookmark… weird and inconsistent.

localStorage is handy.

1 Like

Yeah, that was sooooo much easier, its already implemented… took like 5 mins. Just writing a weird look before/behind regex to sift out my cookie string took 10 times as long, lol.