Cookie consent tools available for OXID eShop

On 1st of October 2019, the European Court of Justice decided that browser cookies (and similar technical possibilities) can only be stored on the computer of a visitor of a website if he explicitly gives his consent. This decision was confirmed by German Federal Court of Justice on 28th of May 2020.

In the past we have taken efforts to provide you with the necessary information on this topic in webinars, blog posts etc.

Necessary and essential cookies set by OXID eShop

In the case of only technically necessary cookies for running this website (for example in a shopping cart system like OXID eShop to keep the content of a cart) it is okay to inform the visitor about the name of the cookie, how long it will be valid and what it actually does. These cookies do not have to be confirmed by the visitor of your Online shop. And here’s a list of essential and technically necessary cookies used in the storefront of OXID eShop:

NameGroupValid how longWhat is it for
sid and sid_keyessentialuntil end of session, until browser will be closedThese cookies identify you to the shop with a unique identifier, e.g. to save the shopping cart.
languagefunctionalends after 167 minutesSaves the currently used language.
displayedCookiesNotificationfunctionalends after 167 minutesStores the decision about cookie consent of the visitor of the website.
aHistoryArticlesfunctionaluntil end of session, until browser will be closedSaves a list of the last seen product items.
oxid_<shopid> and oxid_<shopid>_autologinfunctionalends after 60 minutesSaves the information if a visitor of your Online shop want’s to autologin to the application.
amazon_Login_state_cachefunctionalends after 60 minutesSaves the information if a visitor of your Online shop is presently logged in to Amazon as well for autologin. (Only valid if the AmazonPay module is in use)

Tracking and marketing cookies

It’s different with tracking and marketing cookies: if you make use of them, you have to provide a tool (mostly implemented as a modal popup storefront-side) where your visitor explicitly may give his consent that cookies for this purpose might be set.

Hint #1
In an Online store it is easy to urge your visitors to accept such cookies by giving the right incentive: maybe you can offer a discount of x percent 😉 I hope there will be a technical solution for this nice idea (isn’t it?) soon.

Hint #2
Be prepared that your tracking data will never again be the same as it was before: Even if you could persuade your prospect to give his consent for getting tracked, more and more modern browsers are about to stop cross-site cookies. And with this, your visitor might accept burning in hell but you’ll never see him there.

With the themes Flow and Wave OXID eShop deliveres a possibility to have your Google Analytics ID entered via admin panel. This will activate Google Analytics tracking, the JavaScript code will download tracking cookies named _ga, _gid and _gat_gtag_UA_*. Unfortunately, we cannot 100% say what they do and for how long they will be valid as these are cookies set by Google and could be changed anytime.

You guys need solutions

The topic is anything but simple: there are very different technical approaches and still only vague statements about how such a Cookie Consent Tool should look like in detail. The worst thing about it is that if only 5% of the implementation is wrong or only 90% of the implementation is right, the implementation as a whole is 100% wrong. However, experts are sure that there will be no legal notices about this in the near future. But of course, in a perspective, you guys need solutions for your (or your client’s) Online shops, don’t you?

Consent Management Providers

An external solution could be the usage of a so called “Consent Management Platform”, abbreviated as CMP. These CMPs are on the market for a while now (for different purposes, not only cookie consent) and offer their services as SaaS-Providers. The implementation is often very easy: just register, get your JavaScript snippet and implement it into your (child) template. We’ve seen a lot of enterprise clients turning to these solutions within the last few weeks. Their pricing is often bound to the number of pages of a website but also to languages used or the number of domains. Depending on their plans, they can do a one-time or a regular cookie scan.

As all of your projects might be different, I can’t give a hint of the one and only CMP to go with. Just google it yourself. For our own sites, we go with Usercentrics.

Generic open source tools

“Generic” is in a manner that there are open source solutions independent from the above named SaaS platforms that can be implemented in your project but there’s no OXID module yet to implement them with a simple composer require.

  • OIL: wow, this project seems to be in a “movement”. Actually I wanted to present you the OIL solution but it seems to be deprecated by now. Instead, the former OIL project leads to another framework called “IAB” right now.
  • However, there’s still the tarte au citron project alive like a fish in the water 😉
  • Klaro! is another open source solution, licensed under BSDv3.

Available modules for OXID eShop

Modules for OXID eShop can be easily installed via composer require or any other method available.

Commercial plugins

Open source plugins

These are the tools I know so far. Please feel free to complete them in the comments

I have a dream

As a Community Manager, I am allowed to have a dream, aren’t I? How about bundling all of our forces to have a freely available tool for that issue on the basis of the named open source plugins or modules for OXID eShop? I summon all of you guys with the same intention: Instead of doing your own personal stuff, heading for that two and a half pens you could earn with your private solution, please join one of the open source modules and hammer them with your pull requests for better handling of these hilarious requirements that might change with the wind within the next few weeks. Savvy? 😉

Can’t wait to discuss this in the comments/the forums or in dev-general Slack.



Start the discussion at OXID forums