Document "How can I still track a visitor without cookies after they declined the cookie consent?" · Issue #15948 · matomo-org/matomo · GitHub

Document "How can I still track a visitor without cookies after they declined the cookie consent?" #15948

Closed
mattab opened this issue May 13, 2020 · 8 comments

@mattab
Member

mattab commented May 13, 2020

It would be great to write a short FAQ or dev guide about and document this, ie. how to:

  1. enable tracking with cookies disabled
  2. asking for cookie consent
  3. if consent given, activate cookies - requires JS Tracker: Add possibility to turn cookies back on, enableCookies #13056
@mattab mattab added c: Privacy For issues that impact or improve the privacy. c: Documentation For issues related to in-app product help messages, or to the Matomo knowledge base. labels May 13, 2020
@Findus23
Member

This might also fix #13246.

@Sven74Muc

#13246 is nearly 2 years old... so I don't see any chance that this gets fixed soon. Shortly they moved it from milestone 4.0 to 4.1
I expect it will be moved later to 4.2, 4.3,...

@tsteur
Member

tsteur commented Jul 2, 2020

refs #16113 where we add a feature to enable consent

@tsteur tsteur added this to the 3.13.7 milestone Jul 2, 2020
@tsteur
Member

tsteur commented Jul 3, 2020

Below some text that describes how it can work with Matomo 3.13.7 and also how we could improve this further if we wanted.

How can I still track a visitor without cookies even if they decline the cookie consent?

You can under circumstances track your visitors using Matomo without needing consent by disabling cookies and not tracking personal data (learn more).

If you don't track any personal data, it means you can track any visitor even if you don't have consent yet and also if the user declines or rejects cookie consent by adding the following line to your tracking code:

_paq.push(['disableCookies']);

As soon as a user gives you cookie consent, execute the following JS tracking code once to initialise the cookies for this visitor:

_paq.push(['enableCookies']);

This ensures the same visitor can be identified as the same visitor in all subsequent visits.

When the user views another page on your website after consent was given, simply no longer disable cookies (_paq.push(['disableCookies']);) as part of your tracking code.

Please note this requires Matomo 3.13.7.

Was thinking of providing an alternative way where you don't need to check the tracking code depending whether consent was given

From Matomo 3.13.7, requireConsent() will disable cookies as well. Meaning we don't set any cookie and we don't send any tracking request unless setConsentGiven is called or at some point previously rememberConsentGiven was called (it stores the given consent in a cookie). This is basically how it works for tracking consent. The above-mentioned steps are for cookie consent, but this is a bit complicated as the tracking code needs to change depending on whether consent was given.

I'm thinking of providing a similar mechanism for cookie consent. It means you don't need to add disableCookies to the tracking code depending on whether you got consent for cookies or not making it easier for the user and increases the chances that it will work with more consent managers.

Basically this involves adding 2 methods and a new cookie:

  • _paq.push(['disableCookies']) // this is basically requireConsent. Cookies won't be disabled if consent was remembered
  • _paq.push(['enableCookies']) // this is basically setConsentGiven
  • _paq.push(['rememberCookieConsentGiven']) // new method, will store given cookie consent in a mtm_cookie_consent cookie
  • _paq.push(['forgetCookieConsentGiven']) // new method, will remove the previously given cookie consent

The regular tracking consent cookie is currently called mtm_consent. We'd need to add another mtm_cookie_consent cookie to store whether consent was given.

I see this working better as I'm thinking consent managers might not always let you configure to use different tracking code depending if you have consent or not.

The diff for the tracking code would roughly look like this and explain it better:

diff --git a/js/piwik.js b/js/piwik.js
index 828334f151..5ae72871b4 100644
--- a/js/piwik.js
+++ b/js/piwik.js
@@ -3033,6 +3033,7 @@ if (typeof window.Piwik !== 'object') {
 
                 // constants
                 CONSENT_COOKIE_NAME = 'mtm_consent',
+                COOKIE_CONSENT_COOKIE_NAME = 'mtm_cookie_consent',
                 CONSENT_REMOVED_COOKIE_NAME = 'mtm_consent_removed',
 
                 // Current URL and Referrer URL
@@ -6795,6 +6796,10 @@ if (typeof window.Piwik !== 'object') {
              * Existing cookies will be deleted on the next call to track
              */
             this.disableCookies = function () {
+                if (getCookie(COOKIE_CONSENT_COOKIE_NAME)) {
+                    return;
+                }
+
                 configCookiesDisabled = true;
 
                 if (configTrackerSiteId) {
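Review bot: The early return added at the top of disableCookies turns the call into a silent no-op whenever the mtm_cookie_consent cookie is present, while the docblock above it still only says "Existing cookies will be deleted on the next call to track". A site that calls disableCookies to switch cookies off unconditionally gets a behaviour change, so either document the exception in that comment or move the consent-aware check into a separately named method and leave disableCookies unconditional. The check also treats any non-empty cookie value as consent; if the stored timestamp is meant to be meaningful, validate it here.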
@@ -6806,6 +6811,21 @@ if (typeof window.Piwik !== 'object') {
                 return !configCookiesDisabled;
             };
 
+            this.forgetCookieConsentGiven = function () {
+                deleteCookie(COOKIE_CONSENT_COOKIE_NAME, configCookiePath, configCookieDomain);
+            };
+
+            this.rememberCookieConsentGiven = function (hoursToExpire) {
+                if (hoursToExpire) {
+                    hoursToExpire = hoursToExpire * 60 * 60 * 1000;
+                } else {
+                    hoursToExpire = 30 * 365 * 24 * 60 * 60 * 1000;
+                }
+                this.enableCookies();
+                var now = new Date().getTime();
+                setCookie(COOKIE_CONSENT_COOKIE_NAME, now, hoursToExpire, configCookiePath, configCookieDomain, configCookieIsSecure);
+            };
+
             /**
              * Enables cookies if they were disabled previously
              */
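Review bot: forgetCookieConsentGiven only deletes the mtm_cookie_consent cookie and leaves configCookiesDisabled untouched, so cookies stay enabled for the rest of the current page view after consent is withdrawn; consider calling this.disableCookies() after the deleteCookie call so the withdrawal takes effect immediately. In rememberCookieConsentGiven, hoursToExpire is overwritten with a millisecond value, which makes the name misleading from that line on; a separate local such as expireMs would read better. Both new public methods also lack the docblock that the neighbouring enableCookies has.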
@@ -7732,6 +7752,7 @@ if (typeof window.Piwik !== 'object') {
 
                 deleteCookie(CONSENT_COOKIE_NAME, configCookiePath, configCookieDomain);
                 setCookie(CONSENT_REMOVED_COOKIE_NAME, new Date().getTime(), thirtyYears, configCookiePath, configCookieDomain, configCookieIsSecure);
+                this.forgetCookieConsentGiven();
                 this.requireConsent();
             };
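Review bot: The added this.forgetCookieConsentGiven() call means withdrawing tracking consent now also clears cookie consent, and nothing in this hunk documents that coupling. Please mention the side effect in this method's docblock and in the consent guide, since the diff adds no counterpart in the other direction: granting tracking consent does not set mtm_cookie_consent.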

I could add this but also don't want to add something that may not be really needed or provide too many ways of doing things etc.

The new guide would basically be: for cookie consent, add _paq.push(['disableCookies']); and when the user clicks on the consent button, execute rememberCookieConsentGiven once.

Are there any thoughts? The idea is basically to make it more convenient if people need only cookie consent.

@Findus23 @mattab
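
The flow proposed in the comment above, modelled as an added example (not Matomo's piwik.js and not code from the thread): the same snippet pushes disableCookies on every page, and a remembered mtm_cookie_consent cookie turns that call into a no-op. The in-memory cookie jar, `createTracker`, `pageLoad` and the visit scenario are hypothetical stand-ins constructed for illustration.

```javascript
// Added model of the proposed flow (not Matomo's piwik.js); all helper names are hypothetical.
const COOKIE_CONSENT_COOKIE_NAME = 'mtm_cookie_consent'; // name from the comment above
const HOUR_MS = 60 * 60 * 1000;
function createJar() { // in-memory cookie jar with expiry; persists across page loads
  const store = new Map();
  return {
    set(name, value, ttlMs, now) { store.set(name, { value: String(value), expires: now + ttlMs }); },
    get(name, now) { const c = store.get(name); return c && c.expires > now ? c.value : null; },
    remove(name) { store.delete(name); },
  };
}

function createTracker(jar, clock) { // a fresh tracker is built on every page load
  let cookiesDisabled = false;
  const tracker = {
    disableCookies() {
      if (jar.get(COOKIE_CONSENT_COOKIE_NAME, clock.now)) return; // consent remembered: no-op
      cookiesDisabled = true;
    },
    enableCookies() { cookiesDisabled = false; },
    rememberCookieConsentGiven(hoursToExpire) {
      const ttlMs = (hoursToExpire || 30 * 365 * 24) * HOUR_MS; // default: thirty years
      tracker.enableCookies();
      jar.set(COOKIE_CONSENT_COOKIE_NAME, clock.now, ttlMs, clock.now);
    },
    forgetCookieConsentGiven() { jar.remove(COOKIE_CONSENT_COOKIE_NAME); },
    areCookiesEnabled() { return !cookiesDisabled; },
  };
  return tracker;
}

// The identical snippet runs on every page: disableCookies is always pushed first.
function pageLoad(jar, clock, onTracker) {
  const tracker = createTracker(jar, clock);
  tracker.disableCookies();
  if (onTracker) onTracker(tracker);
  return tracker.areCookiesEnabled();
}

function simulateVisits() { // constructed scenario: four page loads plus one withdrawal
  const jar = createJar(), clock = { now: 1000 }, seen = {};
  seen.beforeConsent = pageLoad(jar, clock, null);
  seen.onAccept = pageLoad(jar, clock, (t) => t.rememberCookieConsentGiven(24));
  clock.now += HOUR_MS;
  seen.nextPage = pageLoad(jar, clock, null);
  seen.afterForgetOnly = pageLoad(jar, clock, (t) => t.forgetCookieConsentGiven());
  seen.pageAfterForget = pageLoad(jar, clock, null);
  return seen;
}
```

In this model, withdrawing consent with forgetCookieConsentGiven alone leaves cookies enabled until the next page load, because only the stored consent is removed.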

tsteur added a commit to matomo-org/developer-documentation that referenced this issue Jul 6, 2020
@tsteur
Member

tsteur commented Jul 6, 2020

Implemented this new flow in #16178 and adjusted https://github.com/matomo-org/developer-documentation/pull/359/files . It simply makes a lot of sense for both tracking and cookie consent to behave the same

@tsteur
Member

tsteur commented Jul 6, 2020

Wrote FAQ in https://matomo.org/wp-admin/post.php?post=41717&action=edit&lang=en

I guess in general in the future we maybe want to recommend using requireCookieConsent over disableCookies (which always keeps cookies disabled).

We'd probably also want to link from https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-analytics-without-consent-or-cookie-banner/ to the new FAQ

And need to document the new mtm_cookie_consent cookie (done)

Once #16178 is merged I'll adjust the privacy opt out page in Matomo itself as part of Matomo 4 (to avoid merge conflicts) (done in #16188)

@tsteur
Member

tsteur commented Jul 7, 2020

@mattab created FAQ in https://matomo.org/wp-admin/post.php?post=41717&action=edit&lang=en if you want to have a look and then we should be able to close this issue

@mattab
Member Author

mattab commented Jul 10, 2020

> It simply makes a lot of sense for both tracking and cookie consent to behave the same

Yes, this is much easier this way! it's a great solution and the guide at https://developer.matomo.org/guides/tracking-consent is quite clear.

@tsteur slightly tweaked the FAQ and published at https://matomo.org/faq/new-to-piwik/how-can-i-still-track-a-visitor-without-cookies-even-if-they-decline-the-cookie-consent/

renamed to:

How do I track a visitor without cookies when they have not given consent for tracking cookies?

added a link on: https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-analytics-without-consent-or-cookie-banner/:

To avoid the analytics cookie consent banner, follow the steps in How do I track a visitor without cookies when they do not give consent for tracking cookies?. (alternatively, if you are not planning to ask for cookie consent in the future, you can also disable all analytics cookies for all visitors)

we can close the issue as it seems all done 👍

@tsteur tsteur closed this as completed Jul 10, 2020