CookieBot Bulk consent in Subdomains issue

Answered

Gonzalo Chacon

• July 04, 2018 13:21

Hello,

We started implementing CookieBot in our applications for which we have send a Domain Group in which we have set several domain names like so:

moves.example.com
documents.example.com
ioi.example.com
bookings.example.com
... and so on

We have checked the option "Enable bulk consent for all domains" at the bottom of the list, and implemented the CookieBot script with the same ID in each domain. If we accept the cookies in one domain they are not shown again correctly, however when we continue to another one the cookies are requested again.

How can we do to accept only once?, do we need to create only one domain like "example.com" and in the alias include all "moves.example.com", etc?. we don't get what's missing here.

Just to mention, we also checked our browsers settings to check that cookies are enabled... also tested in a browser with no plugins or anything.

Thanks!

0

• Official comment

  

  Rune

  • June 04, 2020 06:47

  Privacy is a fast moving target and certain browser settings is known to interfere with bulk consent. For general advice regarding bulk consent, the following must be in place:

  • The user allows third party local storage in their browser settings
  • The user has not activated “Do Not Track (DNT)” in their browser settings
  • The user accepts all cookies, or as a minimum, cookies in the 'Preferences' category when the user submits their consent preferences

  (From https://support.cookiebot.com/hc/en-us/articles/360003768254-Does-Bulk-Consent-work-for-all-website-users-)

   

  Furthermore, Safari versions 12.1+ features Intelligent Tracking Prevention (ITP) which expires cookies (including the bulk consent local storage) in 7 days, rather than the 12 months that we set.

   

  If you have verified that the users' browser settings are not in conflict with the above, then please contact Cookiebot support and let us know. Please include information about which browser(s) and version(s) used and which sites you experience the issue on.
• 

  Martin Iv. – vConnect

  • July 05, 2018 14:28

  Hey Gonzalo,

  It seems that, you configured the domains correctly in Cookiebot.
  Can you elaborate and also to confirm that have implemented 'prior consent' on all domains/subdomains?

  Regards,
  Martin

  0
• 

  Gonzalo Chacon

  • July 11, 2018 16:44
  • Edited

  Hello Martin, sorry for the delay, I haven't seen the response.
  
  I've checked about the "prior consent" you mention. We are currently implementing CookieBot through Google Tag Manager.
  
  We have followed the tutorial you have, and it works as it should, loading the scripts according to accepted consent. If I didn't misunderstood, implementing here we are implementing "GTM triggers" and do not need to specify the  "data-cookieconsent" in the script since GTM removes all "data" attributes.
  
  Every app works as expected, once you accept the cookies and refresh, it loads the scripts for the accepted consents, the problem is when we go from one doman to another (for example "example.com" to "documents.example.com") the cookies accepted in the first domain are not loaded in the second one, having to accept them once again.
  
  As I mention in the first post, we have "bulk consent" enabled, and we are also including in each app the same CookieBot "cbid".
  
  For each app we have a different GTM Container ID, since in each app we have different Google Analytic events and we load different scripts, could be possible that we have to keep all applications under the same GTM Container ID in order for the bulk consent to work?, I think it shouldn't since it is bind to the CookieBot cbid specified in the script.
  
  Do we need to specify anything else in GTM related to "Prior Consent"? (if so, please post and example)
  
  Please let me know if my description is not clear and I'll update with more info.
  Thank you very much for the response, I'll be pending :)
  Cheers!
  Gonzalo./

  0
• 

  Martin Iv. – vConnect

  • July 12, 2018 10:32
  • Edited

   

  Hey Gonzalo,

  You have done everything correct and bulk consent should work. I`m sorry, but I still don't completely understand the problem, so please give more details in regards of the core problem: "If we accept the cookies in one domain they are not shown again correctly, however when we continue to another one the cookies are requested again." 
  Can you break this down with examples?
  
  Regards,
  Martin

  0
• 

  Gonzalo Chacon

  • July 12, 2018 11:52
  • Edited

  Hey Martin,
  Thank you very much for the quick response.
  
  For example:
  
  Step 1) Let's say I go into the company website "www.example.com", I'm presented with the cookies message, I check the options I want to consent and click "OK". If I refresh the browser the cookie message does not appear anymore (as it should) and the selected options persists, loading the corresponding scripts, awesome!.
  
  Step 2) I go into a subdomain "documentation.example.com" and the cookie message appears at the page, even when I've accepted the cookies in the previous subdomain. I need to select the options I want to consent once again an click "OK", after that if I refresh options are saved.
  
  The problem is that we have several applications that we share with our customers, and each one is in a different subdomain, and currently in each application they need to accept the cookies once again. We want them to accept only once and apply the selected consents in the rest of them.
  
  Please let me know if it's clear, I can try to rephrase otherwise :)
  Cheers!
  
  

  0
• 

  Martin Iv. – vConnect

  • July 12, 2018 14:15

  Hi Gonzalo, 
  
  If you tested it with Chrome,  there is a limitation by-design on third party cookies, which are processed in memory but only flushed to the disk cache once every 30-120 seconds, or whenever the browser is closed. Bulk consent will not work across domains, if the third party cookie "CookieConsentBulkTicket" has not been set in the disk cache. To test bulk consent with your 2 domains, you can start by opening the browser, go to the first domain and submit consent. Then close the browser (to flush the cache to disk), reopen it and go to the second domain. Then you should see that the consent banner is not displayed and the consent automatically registered for the second domain as well.
  
  Thanks.

  0
• 

  Anne K

  • January 20, 2020 18:30

  Hi Martin,

   

  I face the same issue as Gonzalo here.

  =>

  I need to get on my main website to see my price page

  website.com

  I accept some elements of the cookie consent banner

  => Then I go to the funnel, after the price page

  buy.website.com

  The cookie banner appears again, I need to check the consent all over again.

   

  => In this case, any normal user has a seamless experience between website.com and pay.website.com

  No one will ever close the browser, and the re open it to access the 2nd page.

   

  How can I make it work?

   

  Thanks,

  0
• 

  Dave G

  • February 18, 2021 14:16

  Same problem here.
  
  I have verified the following conditions are met:

  • The user allows third party local storage in their browser settings
  • The user has not activated “Do Not Track (DNT)” in their browser settings
  • The user accepts all cookies, or as a minimum, cookies in the 'Preferences' category when the user submits their consent preferences
    
    

  When a user travels between root domain and subdomain they are asked once again for cookie consent. This should not be the case.
  
  The first banner is implemented via the Cookiebot WP plugin, with the second implement via the Hubspot Cookiebot App.

  0
• 

  M Zeeshan

  • May 11, 2022 12:43
  • Edited

  It seems that, you configured the domains correctly in Cookiebot.
  Can you elaborate and also to confirm that have implemented 'prior consent' on all domains/subdomains?

  0

Please sign in to leave a comment.