Determining how Zenario should issue cookies

You can determine how Zenario should issue cookies. In many  countries there is legislation that requires sites to warn users before placing cookies on their browser (eg. GDPR in the UK and EU), and so Zenario lets you choose how cautious it should be before issuing cookies.

Zenario has three modes for handling cookies.

Don't inform

This is the default mode for a new site, but unlikely to be a safe option for a production site.

Zenario simply places cookies on a visitor's browser without warning, in this mode.

Implied consent

In this mode, Zenario will show a message on the first page that a visitor sees, with a message referring to and linking to the privacy policy of the site.

Cookie settings implied consent.png

You should check the message is relevant to your site. You may need to manually make the link to the privacy policy on your site.

Explicit consent

For best possible compliance, you should select explicit consent. Zenario will show a message on the first page that a visitor sees, with a message saying that cookies will be used, and with a link to the privacy policy.

It can be set like this:

Cookie settings explicit consent.png

Important note

Zenario may contain pages with custom JavaScript. This may be set in the <head> and <body> (for example, Google Analytics code). JavaScript may also be determined to run on a layout basis (i.e. on all content items using a given layout), and on a per-content item basis. For example in the site-wide <head> code:

Site settings Head without holding back cookies.png

In the above example a warning is given, and so the site owner has avoided putting any cookie-issuing JavaScript there. But any JavaScript that is put there (on site head/body, or the head/body of layouts or content items), could potentially issue cookies even though the visitor has not given explicit consent.

To carefully hold back cookies, all cookie-issuing JavaScript code should thus be put on the "Cookie-creating HTML/JS" tab (see last tab of screenshot above).

Cookies issues by Zenario

Zenario issues the cookies:

  • PHPSESSID — essential session cookie (always set)
  • cookies_accepted — if the user clicks a button and agrees to accept cookies
  • COOKIE_LAST_ADMIN_USER — if logging in as an administrator, the admin username
  • COOKIE_ADMIN_SECURITY_CODE_2 — if administrator passes 2FA check
  • COOKIE_LAST_EXTRANET_EMAIL — if extranet enabled and user logs in with "remember me"