from Hacker News

This site uses cookies to store the fact you clicked “Accept Cookies”

by boznz on 4/10/25, 10:11 PM with 56 comments

  • by avemg on 4/11/25, 2:45 AM

    I am going to use this opportunity to ask: Why is that stackoverflow sites absolutely, positively cannot seem to remember my cookie preferences and seemingly ask me every single time I find myself there?

  • by ghusto on 4/11/25, 8:13 AM

    Please put in the bare minimum effort to understand. If you had, you'd know that you either _do not need a cookie banner_, or that you do because your site is collecting identifiable information on persons using cookies. If you do not care about the latter, then please start caring.

  • by bradleyy on 4/11/25, 12:30 AM

    As someone who has helped build one of those cookie banners, I will admit that using cookies to store the state of what you consented to is somewhat ironic, or at least meta.

    It's got some really interesting parts though: serving those banners, geolocated (show the right thing for the legal regime you're in) at actual "web scale lol". And while folks hate them, we respect the GPC signal, and then won't show you the banner, just opt you out of everything.

  • by cosmotic on 4/11/25, 2:36 AM

    One thing many dont understand about GDPR is that consent for cookies is only needed if its a nonessentual cookie, or in other words one used for ad tracking or analytics.

    Using a cookie to store user session for login is the use of an essential cookie and doesnt necessitate the popup on its own.

  • by johnea on 4/11/25, 2:27 AM

    I don't agree at all with the "wild west" and "buyer beware" stuff in the article.

    But I do completely agree that it's annoying, when I surf to a website with cookies disabled, and am forced to click "Yes I accept cookies", even though my browser isn't going to accept them. and that after I click OK, the site displays anyway.

    I did read an article that came through the HN feed about how many person/hours of productivity were lost each year to this process in general. It wasn't a small amount.

  • by o11c on 4/11/25, 12:04 AM

    Remember, according to the GDPR:

    * any strictly necessary cookies do not require consent

    * any preference/functionality cookies require consent, but the user has to go looking for them anyway

    Thus, preemptive cookie banners are only needed for the "this is an evil website" case.

  • by boznz on 4/10/25, 10:11 PM

    This short post came about because I got an email yesterday which managed to traverse my spam filters saying my web site does not adhere to the GDPR regulations and (of course) offering to help fix it. Yes I know I shouldn't have opened it. (Lesson learnt, Spam filter added!) Anyway apologies in advance for said budget-driven, non-gdpr-compliant, web-site, and probably falling over at the slightest sign of stress.

  • by zelon88 on 4/11/25, 1:31 AM

    Cookies are entirely a design choice, and a lazy one at that. It is entirely possible to identify, authenticate, maintain session, and store data about a user on the server completely without cookies. *

    * https://github.com/zelon88/HRCloud3/blob/master/core.php#L54...