Cookillian Troubleshooting

on November 17, 2013 in WordPress with no comments by
Cookillian, the WordPress plugin that I wrote to address the EU/UK Cookie Law, is a helpful little tool to assist with compliance. But sometimes users seem to run into trouble with it and are at loss on how to resolve it. Following are a few of those, to help provide a solution.

CloudFlare

Cookillian works with CloudFlare. In fact, my own website that you are currently visiting uses Cookillian as well as CloudFlare, and takes advantage of the geolocation data they include with requests. But depending on your settings with CloudFlare, it might happen that whenever someone clicks the opt in/out link for cookies, this doesn’t get recorded.  A tell-tale sign of this is when you try to opt-out from a page other than the home page — visit another page, and the cookie notice will appear again, and again.

Of course that’s an undesirable result, but its due to CloudFlare stripping out “unnecessary” details from its responses, which in this case is the cookie that remembers what the visitor had chosen.  The fix for this, is to tell CloudFlare not to cache WordPress’ AJAX URL, by using a “Page Rule”.

To do so, login to your CloudFlare account, and from your “Websites” page, click the appropriate cog/gear icon for your website and select “Page Rules”.  Then you will need to add a new rule, with the “URL Pattern” similar to the following:

*myatus.com/wp-admin/admin-ajax.php

This is the case if your WordPress installation is something like “www.myatus.com” or “myatus.com” — the asterisk will automatically pick up sub domains.  If you have WordPress installed in a sub-directory, then you will need to adjust that URL Pattern accordingly, for example:

*myatus.com/sub-directory/wp-admin/admin-ajax.php

With the use of the asterisk, you could go as far as including many levels of sub-directories.

Then for that page rule, you will need to set the following:

  • Custom Caching: bypass cache
  • Always online: Off
  • Apps: Off
  • Performance: Off

You can leave the “Security” to On, which will help deter malicious access to that URL. Click the “Add Rule” button to complete adding the rule.

Note: CloudFlare allows up to 3 page rules for their free service. More rules are available for their paid plans.

In essence, this will tell CloudFlare to leave that particular URL as-is. This might also be helpful for other plugins that use WordPress’ AJAX interface, as this ensures that it will return data exactly the way it was intended — including the cookie header that Cookillian needs.

Cookie alerts are not shown

When the cookie alert isn’t shown, the solution may not be as straight forward as the issue with CloudFlare. This because there are several reasons for which this can happen.

Display Alerts: Manually

A possibility is that the setting “Display Alerts” is set to “manually”. If this is the case, then it would be up to the web developer to ensure that the alert is displayed when it needs to. The help section of the plugin provides more details on how to do this.  Generally, you may want to keep this at “automatic”, so that Cookillian will take care of all the processing required.

No geolocation data

One possibility is that Cookillian is not receiving any, or incorrect geolocation data. While it is preferred to leave the “Undetermined Countries” setting for Cookillian enabled, the simplest way to verify this geolocation issues is to login to your WordPress Administration area then to proceed to Settings -> Cookies. Near the bottom of the page, you will find a “Debug” link, and by clicking on it will reveal some debug information. Most important, at the bottom of the debug information, are the “Detected IP” and “Detected Country” fields as in this example:

Detected IP: 213.123.234.101

Detected Country: United Kingdom

It should show your IP address and detected country.  It is possible that it will show “Unknown” as the detected country, but it should only do so for a limited amount of IP addresses (predominantly new IP allocations or private/local IPs).

To verify the IP address, you can visit MaxMind, and enter the detected IP address in the provided area for their GeoIP demo. Note that this is based on their newer and high-accuracy database, but it should still provide you with some feedback about what MaxMind believes is the correct country.

If MaxMind provides a country, but Cookillian did not, it is possible that the default geolocation service for Cookillian is not providing accurate information or could not be reached (for example, your hosting provider does not allow outgoing HTTP connections from PHP scripts).

In that case, you can opt to use MaxMind’s data instead, which is done without HTTP lookups. To do so, from the Cookillian Settings (Settings -> Cookies) select MaxMind as the “Geolocation Service”.  This will provide you with two additional settings under the heading “MaxMind Settings”. These two fields are for providing the location of MaxMind’s geolocation data — their “Lite” data can be found here.  Either upload those files using the provided buttons, or place them on the server manually and provide the correct directory/file location in the provided field.

Note: If Cookillian detects CloudFlare or Apache/Nginx Geolocation data, it will add a “(detected)” statement after the geolocation service — it is preferred to select that option if this is the case.

Use of Implied Consent

The purpose of the “Implied Consent” option is that if a visitor ignores the cookie alert by visiting another part of the website, it implies that the visitor agrees to cookies set by the website. However, this setting can at times lead to problems and has to do with the way Cookillian currently determines if the visitor has seen the notice and then decided to ignore it.

Particularly, this happens when a WordPress theme or plugin uses a PHP script to generate a CSS stylesheet or JavaScript. As an example, if you were to look at your page’s source code and would see the following:

<link rel='stylesheet' id='style-css-css' href='http://mysite.com/wp-content/themes/mytheme/style-css.php?ver=3.7.1' type='text/css' media='all'/>

Then it is very likely that the “Implied Consent” option will not work as expected, with the result being that the alert is not shown. Particularly, Cookillian (incorrectly) sees that the PHP script called is ‘another page’ on the website, and thus sets a cookie that the visitor has given implied consent.

At the moment, the safest option in this case would be to disable the “Implied Consent” feature, which in fact is the case on my own website you’re visiting now (due to this particular issue).  It may bug the visitor with an alert until an action has been taken, but ensures that you will comply with the cookie directive.

Obscured or missing alert

Another problem that occurs from time-to-time, is that the alert is either obscured, or missing entirely.

To check if the alert is missing, you will have to visit your web site and use the browser’s “View Source” (or similar) feature, often found by control/right-clicking on a page. Near the bottom of the page, you should find a <div> element with the class name “cookillian-alert” that contains your alert.

If you cannot find this, then it is likely that your theme is missing the wp_footer() function. It is not only required for Cookillian, but many other plugins as well. Most often, this is missing from a theme file called “footer.php”, but will be dependent on your theme.

If the element is there, then it is possible that the alert is obscured. But this too will depend on what was outlined earlier, such as for example the geolocation data. Cookillian will only show the alert if it receives a signal to do so. So here some deeper investigation is required, of which I will give a general outline only, due to the complexity:

  • With a browser inspector, for example Google Developer Tools or Firebug, reload the page whilst looking under the “Network” tab what files are being called.
  • Inspect the calls to the “admin-ajax.php” file, for which the “action” (in “Form Data”) is “cookillian” and func is “init”.  The response should include a JSON “data” object:
    • If “is_manual” is set to “true”, then Cookillian delegates that responsibility to the developer of the website.
    • If “blocked_cookies” is set to “true” and “opted_out” is set to false, Cookillian will display the alert.

So with the above, you should be able to tell if Cookillian is signalled to show the alert. If the alert does not show in that case, and the element containing the alert is present (see the wp_footer() issue), then it is likely the alert has then been obscured. You will need to use the same inspector (Developer Tools, Firebug, etc.), to determine where and how the alert is shown.  For example, it is possible the z-index is not high enough, or another CSS element is overriding it to be always hidden or off-screen.

Help! I’m locked out!

There have been a few occasions where a user has been unable to login to WordPress. This can happen if the following two things happen:

  • The user has opted out of receiving cookies.
  • Cookillian is missing a “wordpress_*” or “wordpress_test_cookie” entry marked as “required”.

The first thing to do is to clear the browser’s cookies, which will also clear the opt in/out choice for cookies.  Then in the Cookillian “Cookies” area (Settings -> Cookies -> Cookies) ensure that there’s an entry “wordpress_*” and that it is ticked/marked as “Required”.  This will ensure that regardless of the opt out status, WordPress cookies are still permitted and thus allowing the user to login.

 

Photo  by waitscm

Join the discussion

Your email address will not be published. Required fields are marked *