Hi all,
As you may know, Bubble’s default behavior when a new, logged out visitor comes to your app is to create a temporary record for that user so that you can store information about what the user does prior to them signing up. In order to support this, we set session-tracking cookies in the user’s browser to link their web browser to the temporary user object we create in the database.
We’re introducing a new feature to give you more flexible control over how this works. It’s an optional setting in the “General” -> “Privacy & Security” section of the “Settings” tab called “Do not set cookies on new visitors by default”.
If you check that box, then Bubble will not automatically create a temporary user record and set cookies for new visitors. Instead, we remember any data saved to the Current User (using the “Make Changes to Current User”) action only in the current open tab in the user’s browser. If the user closes that tab, the data is lost. On sign up, we transfer any data stored this way to the newly-created user object.
There are two main reasons you might want to enable this feature:
-
Cookie opt-in and permissions. More and more websites are asking permission from users before setting cookies on their browser. If you’d like to get explicit permission from your users before setting cookies, this gives you a tool to let you do that.
-
Performance and capacity. Creating a temporary user in the database for each new visitor takes some time and uses some capacity. Depending on your app, it might make sense not to spend that capacity on a casual visitor until they’ve indicated intent to actively engage with your application. Temporarily storing data in the user’s web browser is a much cheaper action than temporarily saving it the database. For users who don’t have cookies assigned yet, the “Make changes to current user” action can run entirely in the browser, without forcing a workflow to run on the server. (The “Make changes to thing…” action applied to the current user will still currently force the workflow to run on the server, although the actual effect of the action is the same).
Turning on this box will enable two new actions in the “Account” menu: “Opt-in to cookies” and “Opt-out from cookies”.
Calling opt-in to cookies will create a new temporary user in the database and set cookies to remember the user: basically, the same behavior Bubble adopts for all new visitors when the new setting is not turned on. This action will transfer all data saved in the user’s browser tab to this new temporary database record. You can call this, for example, in response to users clicking an “Accept” option on your cookie policy. Or, if you are enabling the new setting purely for performance reasons, you might choose to call this action behind the scenes for users whose interactions with your app are worth storing in the database.
Opt-out from cookies lets you create an opt-out option to reverse the opt-in. It will delete the user’s session cookies, which will break any association between the users’ web browser and the database record, so calling this will effectively cause your app to forget anything it knows about this user.
Finally, enabling this feature adds a new message on the Current User, “is using cookies”, that lets you check the user’s opt in / opt out status.
If you’re interested in using this new feature, please read the relevant sections in the reference which goes into more detail:
Overall: https://bubble.io/reference#ApplicationSettings.cookie_opt_in
The opt-in action: https://bubble.io/reference#Actions.CookieOptIn
The opt-out action: https://bubble.io/reference#Actions.CookieOptOut
The message to check the user’s state: https://bubble.io/reference#Data.Messages.User.is_using_cookies