I think on the long term this extension has to include some helper functionality for an identity's privacy.

What I mean is, that there should be "a default way to handle an identity's privacy".
So there should helpers be inlcuded, something like:

• getDataByIdentity($identity)
• deleteDataByIdentity($identity)

Then new modules could easily implement these methods and e. g. a user component can go through all modules, collect everything together and display it to the user. Moreover it make's the delete task very easy.

The privacy cookie can currently be checked and set through the widget. This makes sense in terms of a global setter, e. g. when it is included in the layout to check in every request.
If output is not enforced, the widget will disappear once the user has made a decision.

With the block it would then be possible to include that widget e.g. on the privacy policies page or somewhere else, to give the user the chance to change the choice easily.

What steps will reproduce the problem?

Cookie expiration time should be longer then current session. change to a year. (As we all hate those dialogs anyhow!)

If the current url looks like example.com?foo=bar the accept button wont work.

A widget to provide the privacy text.

luya\privacy\CookieHint::widget();

The cookie should work out of the box, with inline css for absolut position etc. even a message file with default texts should be available but with option to override.

options:

• message
• element (an array to full configure the html element)
• css: turn off or override defaults

Full config could look like:

luya\privacy\CookieHint::widget([
    'message' => 'text ...'
    'element' => ['tag' => 'p', 'class' => 'alert alert-info'
]);

When widget output is forced, it outputs the privacy message even if a choice has been made. This is needed in terms of giving the user an easy way to change his settings.

The problem at the moment is that if a user has accepted and then declines afterwards, nothing happens to already set cookies. Therefore we need to take care about these, so we should have something like a "cookie killer", which deletes all cookies once the user declines.

What steps will reproduce the problem?

Using the widget as it is.

What is the expected result?

The get param should be removed after setting the cookie

What do you get instead? (A Screenshot can help us a lot!)

Some seo tools give warnings due to the acceptCookies param

Something like this solves the problem...

if ($acceptCookies == '1') {
      $this->setPrivacyCookieValue(true);
      Yii::$app->response->redirect(Yii::$app->request->referrer);
}

Currently we're adding the styles e.g. through $css param and/or project css.

It would maybe make sense, if the widget's CSS class is adjustable aswell.
Like this we could then use e.g. Bootstrap's fixed bottom class or whatever and it would directly be styled in our default colors.