[New Feature] Cookie opt-in

Hi all,

As you may know, Bubble’s default behavior when a new, logged out visitor comes to your app is to create a temporary record for that user so that you can store information about what the user does prior to them signing up. In order to support this, we set session-tracking cookies in the user’s browser to link their web browser to the temporary user object we create in the database.

We’re introducing a new feature to give you more flexible control over how this works. It’s an optional setting in the “General” -> “Privacy & Security” section of the “Settings” tab called “Do not set cookies on new visitors by default”.

If you check that box, then Bubble will not automatically create a temporary user record and set cookies for new visitors. Instead, we remember any data saved to the Current User (using the “Make Changes to Current User”) action only in the current open tab in the user’s browser. If the user closes that tab, the data is lost. On sign up, we transfer any data stored this way to the newly-created user object.

There are two main reasons you might want to enable this feature:

• Cookie opt-in and permissions. More and more websites are asking permission from users before setting cookies on their browser. If you’d like to get explicit permission from your users before setting cookies, this gives you a tool to let you do that.

• Performance and capacity. Creating a temporary user in the database for each new visitor takes some time and uses some capacity. Depending on your app, it might make sense not to spend that capacity on a casual visitor until they’ve indicated intent to actively engage with your application. Temporarily storing data in the user’s web browser is a much cheaper action than temporarily saving it the database. For users who don’t have cookies assigned yet, the “Make changes to current user” action can run entirely in the browser, without forcing a workflow to run on the server. (The “Make changes to thing…” action applied to the current user will still currently force the workflow to run on the server, although the actual effect of the action is the same).

Turning on this box will enable two new actions in the “Account” menu: “Opt-in to cookies” and “Opt-out from cookies”.

Calling opt-in to cookies will create a new temporary user in the database and set cookies to remember the user: basically, the same behavior Bubble adopts for all new visitors when the new setting is not turned on. This action will transfer all data saved in the user’s browser tab to this new temporary database record. You can call this, for example, in response to users clicking an “Accept” option on your cookie policy. Or, if you are enabling the new setting purely for performance reasons, you might choose to call this action behind the scenes for users whose interactions with your app are worth storing in the database.

Opt-out from cookies lets you create an opt-out option to reverse the opt-in. It will delete the user’s session cookies, which will break any association between the users’ web browser and the database record, so calling this will effectively cause your app to forget anything it knows about this user.

Finally, enabling this feature adds a new message on the Current User, “is using cookies”, that lets you check the user’s opt in / opt out status.

If you’re interested in using this new feature, please read the relevant sections in the reference which goes into more detail:

Overall: https://bubble.io/reference#ApplicationSettings.cookie_opt_in

The opt-in action: https://bubble.io/reference#Actions.CookieOptIn

The opt-out action: https://bubble.io/reference#Actions.CookieOptOut

The message to check the user’s state: https://bubble.io/reference#Data.Messages.User.is_using_cookies

I’ve turned on the box but I can’t find the “Account” menu: “Opt-in to cookies” and “Opt-out from cookies”.

It’s in the new action menu:

47%20PM1396×1176 103 KB

When we decide to show a popup where a user makes a decision to either opt-in or opt-out the “Current User is using cookies” gets set to either a “yes” or a “no”. But on subsequent pages or visits you would like to know whether a user has already made a decision or not.
How can we test whether the user has not opted-in and has not opted out yet. Like a “Current User is using cookies is empty”?

Thank you!

There’s no built-in support for that – from Bubble’s point of view, they’re opted out until they opt in, there’s no “neither” state. If you want to hide the cookies popup if they say no, you can create a field called “explicitly opted out” on the user object, and use the “Make Changes to Current User” action to set it. That will last as long as their current browser tab lasts (if they change to a different page on your site, the setting will be preserved). It’ll be lost if they close the tab, though. It’s hard to get around that, since if we don’t set cookies, we can’t really remember the user’s preferences… that’s the point of cookies!

Hey Josh,

If I understand you correctly, this means that we cant have a popup that says we use cookies because these cookies will expire once they close the tab?

Thanks!

Hi Josh,

I did exactly that - creating a boolean field in the user type/object called “explicitly opted out”. I set it having default value “no” and being set to yes as soon as the user opts out. However, when I move to a different page in my app the pop-up for cookie consent that I set up still appears.

Any way this can be fixed?

Hello,

When a user opts out, they’re logged out and the ‘is using cookies’ of their account remains ‘yes’. So all “opt out” does is log the user out currently. Is there a way to actually opt a user account out of cookies, or are cookies necessary for someone to even be logged in?
I have a simple workflow which only opts out of cookies and shows an alert.