Disable cookies set by the google plus one button

Asked 18/10, 2012 at 13:4 Answered 29/10, 2012 at 6:41

When I place the following code on my site for a nice standard +1

<!-- Place this tag where you want the +1 button to render. -->
<div class="g-plusone"></div>

<!-- Place this tag after the last +1 button tag. -->
<script type="text/javascript">
  window.___gcfg = {lang: 'nl'};

  (function() {
    var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
    po.src = 'https://apis.google.com/js/plusone.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
  })();
</script>

It does something I do not want.

Without this code I only have my own phpsessid which is needed to have my site functioning.

With this code the following cookies are dropped from the domain plusone.google.com

Google Plus one drops a lot of cookies!

Now, when looking at the expiration date, somewhere in 2014, 2022, 2013... they will live a very long long time.

Point is, nowhere is documentation readily accessible how to disable the placement of cookies by google+1 button, i've done my best to look, even read a lot of stack overflow posts in the hope to find something related.

I did however find how to disable cookies for analytics in my quest(hurray!) but now I need to find a way, javascript option or something to tell plusone not to drop cookies(long live dutch/european cookielaw)

The Question: Has anyone ever encountered the documentation/option to tell +1 button not to drop cookies?

Unmusical answered 18/10, 2012 at 13:4 Comment(7)

Wether there are cookies in there or not, it doesn't matter. The +1 button is already an efficient tracking mechanism which makes a request to a Google server for each page access (where it is embedded). Google Analytics is the same, if not far worse (most websites use it). Add various "screening" of URLs services into the mix and you get a nearly 100% activity tracking for all internet users (-a very few paranoid ones). – Steels 28/10, 2012 at 19:46

The same goes for facebook like, twitter share etc... Everything that pulls data from another server tracks the user. But that is not the concern, it's not disallowed(yet, who knows what they'll think of next) to track visitors/users etc... The problem is that non essential cookies are forbidden by dutch cookie law. – Unmusical 29/10, 2012 at 9:13

So let the third party deal with it. It is not your website placing that cookie, and even if they provide a setting today for users to deactivate cookies, thye might remove it tomorow. Big websites like Yahoo! Mail now have disclaimers and checkboxes specifically for this cookie b*llshit, and they are not dutch. – Steels 29/10, 2012 at 10:8

As website persenter you are held liable for any cookies placed through your website because you control the content that is displayed. Especially since a google +1 button etc... is not an essential piece of code for the functionality of your website. – Unmusical 29/10, 2012 at 10:24

That's not a good reply to what I said. I was saying you have no control for the behaviour of externally loaded code. Today the respective code might not be placing cookies, tomorow it will, without any notice. Third parties still have a responsability to enable/disable cookies based on a user defined setting. – Steels 29/10, 2012 at 11:21

Indeed you don't, but it's still the liability for what the lawmakers are concerned of the owner of the website to keep track of 3rd party cookies. And most 3rd party code providers just don't care. Google, addthis, twitter, facebook, linked in and others just dump the cookies, and provide little to no way to disable them from doing that. They simply don't care about the law until people stop using them because they don't want an € 450,000 fine... – Unmusical 29/10, 2012 at 13:37

for your good don't use phpssid : a very big security hole: any body can get the id after some body connect with it & set his own cookies to be the user who connected use another session name space An Advise !!! – Englert 30/11, 2012 at 13:40

I have coded up a permissions based workaround but I still find it far from ideal because I have to bug the user for permission when they click, but it's better than nothing.

I still need a way to stop google from dropping unwanted cookies. There is no need to track users with so many cookies or any cookies at all in my opinion.

This code makes an user click the link, when they click it they get asked if they want to show the button and what the consequenses are of that descision.

My example code: http://jsfiddle.net/CADjN/3/

Live demo https://www.ortho.nl/orthomoleculaire-bibliotheek/artikel/8091/Langer-leven-met-vitamine-D

<script type="text/javascript"> 
// Function to set the cookie plusone.
function setCookie()
    {
    domain = "www.mysite.com";
    c_name="plusone";
    value="yes";
    var exdate=new Date();
    exdate.setDate(exdate.getDate() + 365);
    var c_value=escape(value) + "; expires="+exdate.toUTCString()+';domain='+domain+';path=/';
    document.cookie=c_name + "=" + c_value;
    }
// Function to see if our plusone cookie exists and has value yes
// Returns true when the cookie is set, false if isn't set.
function getCookie()
    {
    var i,x,y,ARRcookies=document.cookie.split(";");
    for (i=0;i<ARRcookies.length;i++)
        {
        x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
        y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
        x=x.replace(/^\s+|\s+$/g,"");

        if (x.indexOf("plusone") != -1)
            {
        if(unescape(y)=="yes")
        {
        return true;
        }
    else
        {
        return false;
        }
        }
    }
}
// Load the plusone module but first ask permission
function loadplusone(thelink) 
    {   
    // Cookie hasn't been set
    if(!getCookie())
        {
            // Get permission
        if(window.confirm("If you wish to 'plusone' this page we need to load a special button from Google.com.\n\nWith this button Google will place some cookies on your computer. Google uses these cookies for statistics and maintaing your login status if you have logged in with Google.\n\nDo you consent to loading the button and the placement of cookies by Google?\n\nIf you agree this website will place a cookie with a year lifetime on your computer to remember this and the plusone button will be loaded on every page where the plusone button is present on this site."))
            {
                    // set cookie, load button
            setCookie();
            var jsnode = document.createElement('script');   
            jsnode.setAttribute('type','text/javascript');   
            jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
            document.getElementsByTagName('head')[0].appendChild(jsnode);   
            document.getElementById(thelink).innerHTML = ''; 
            }
        }
    // cookie has already been set, just load button.
    else
        {
        var jsnode = document.createElement('script');   
        jsnode.setAttribute('type','text/javascript');   
        jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
        document.getElementsByTagName('head')[0].appendChild(jsnode);   
        document.getElementById(thelink).innerHTML = ''; 
        }
    }
    </script>
    <!-- Where the plusone button should go this piece of code should be placed -->
    <a id="plus1" href="javascript:loadplusone('plus1')">Show Google +1</a><g:plusone></g:plusone>
    <!-- This should be placed below the above code or in the onload event of the document -->
    <script type="text/javascript">
    if(getCookie())
        {
        var jsnode = document.createElement('script');   
        jsnode.setAttribute('type','text/javascript');   
        jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
        document.getElementsByTagName('head')[0].appendChild(jsnode);   
        document.getElementById('plus1').innerHTML = ''; 
        }
    </script>

Unmusical answered 22/10, 2012 at 10:21 Comment(1)

I accepted my own anser because that is the most userfriendly way to do it... but still waiting for a good solution to this dillema. Then i'll move the accepted mark to the person who has the key. Unfortunately no bounty answer has been given. – Unmusical 29/10, 2012 at 9:14

It seems the EU cookie law is far more unwieldy than it seemed at first glance :\

There does not seem to be a way to block the cookies set by Google's +1 button. The user might block third-party cookies in their preferences, but you as a site developer cannot indicate that your specific site disallows cookies from third parties, and the actual cookies are set on a different domain, so your Javascript cannot interfere with that either.

The directive allows you to keep essential cookies, so you can store a cookie for the purpose of recording the visitor's acceptance or rejection of cookies. You could ask for permission once if that cookie is not set. You should proceed with initializing the +1 buttons only when the visitor gives you permission to track third-party cookies or you already have their permission recorded in the cookie; otherwise you should skip the +1 button initialization code.

Rough incomplete example (actual cookie manipulation left out):

(function() {
    var allowed = getCookie('allowCookies');
    if (allowed === undefined) {
        allowed = confirm('Allow cookies?');
        setCookie('allowCookies', allowed? 1: 0);
    }
    if (allowed) {
        // initialize +1 buttons:
        var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
        po.src = 'https://apis.google.com/js/plusone.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);

        // initialize any other third-party tools that might set cookies ...
    }
})();

Admissible answered 27/10, 2012 at 8:7 Comment(2)

I already have such a solution available for solely the +1 button. I am hoping that someone who has been hacking away the code or has found something deep within the google catacombs an option to disable the placements of cookies. Thanks for your answer though. – Unmusical 29/10, 2012 at 9:6

And it's not EU cookie law that's unwieldy. That just requires you to inform the visitor which is not hard... It's our Dutch goverment which has decided in all it's stupidity to force all non essential cookies into the denied bin unless specifically and informed allowed. IE you have to describe what the cookies do. – Unmusical 29/10, 2012 at 9:9

I have coded up a permissions based workaround but I still find it far from ideal because I have to bug the user for permission when they click, but it's better than nothing.

I still need a way to stop google from dropping unwanted cookies. There is no need to track users with so many cookies or any cookies at all in my opinion.

This code makes an user click the link, when they click it they get asked if they want to show the button and what the consequenses are of that descision.

My example code: http://jsfiddle.net/CADjN/3/

Live demo https://www.ortho.nl/orthomoleculaire-bibliotheek/artikel/8091/Langer-leven-met-vitamine-D

<script type="text/javascript"> 
// Function to set the cookie plusone.
function setCookie()
    {
    domain = "www.mysite.com";
    c_name="plusone";
    value="yes";
    var exdate=new Date();
    exdate.setDate(exdate.getDate() + 365);
    var c_value=escape(value) + "; expires="+exdate.toUTCString()+';domain='+domain+';path=/';
    document.cookie=c_name + "=" + c_value;
    }
// Function to see if our plusone cookie exists and has value yes
// Returns true when the cookie is set, false if isn't set.
function getCookie()
    {
    var i,x,y,ARRcookies=document.cookie.split(";");
    for (i=0;i<ARRcookies.length;i++)
        {
        x=ARRcookies[i].substr(0,ARRcookies[i].indexOf("="));
        y=ARRcookies[i].substr(ARRcookies[i].indexOf("=")+1);
        x=x.replace(/^\s+|\s+$/g,"");

        if (x.indexOf("plusone") != -1)
            {
        if(unescape(y)=="yes")
        {
        return true;
        }
    else
        {
        return false;
        }
        }
    }
}
// Load the plusone module but first ask permission
function loadplusone(thelink) 
    {   
    // Cookie hasn't been set
    if(!getCookie())
        {
            // Get permission
        if(window.confirm("If you wish to 'plusone' this page we need to load a special button from Google.com.\n\nWith this button Google will place some cookies on your computer. Google uses these cookies for statistics and maintaing your login status if you have logged in with Google.\n\nDo you consent to loading the button and the placement of cookies by Google?\n\nIf you agree this website will place a cookie with a year lifetime on your computer to remember this and the plusone button will be loaded on every page where the plusone button is present on this site."))
            {
                    // set cookie, load button
            setCookie();
            var jsnode = document.createElement('script');   
            jsnode.setAttribute('type','text/javascript');   
            jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
            document.getElementsByTagName('head')[0].appendChild(jsnode);   
            document.getElementById(thelink).innerHTML = ''; 
            }
        }
    // cookie has already been set, just load button.
    else
        {
        var jsnode = document.createElement('script');   
        jsnode.setAttribute('type','text/javascript');   
        jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
        document.getElementsByTagName('head')[0].appendChild(jsnode);   
        document.getElementById(thelink).innerHTML = ''; 
        }
    }
    </script>
    <!-- Where the plusone button should go this piece of code should be placed -->
    <a id="plus1" href="javascript:loadplusone('plus1')">Show Google +1</a><g:plusone></g:plusone>
    <!-- This should be placed below the above code or in the onload event of the document -->
    <script type="text/javascript">
    if(getCookie())
        {
        var jsnode = document.createElement('script');   
        jsnode.setAttribute('type','text/javascript');   
        jsnode.setAttribute('src','https://apis.google.com/js/plusone.js');   
        document.getElementsByTagName('head')[0].appendChild(jsnode);   
        document.getElementById('plus1').innerHTML = ''; 
        }
    </script>

Unmusical answered 22/10, 2012 at 10:21 Comment(1)

One thing i don't like about social sharing buttons is There javascript manipulation & the waste speed

So almost every time when i use Static Button so you should also use static one

Otherwise : a work around for this problem is to unset the Cookies after the page loaded

using onLoad() & unset it

what do you thnik ?

Englert answered 29/10, 2012 at 6:41 Comment(3)

Not allowed by cookie law. You still break the law and then try to cover up the evidence. Plus I can't unset google cookies because they are from a google domain not my own. – Unmusical 29/10, 2012 at 9:5

you can override them even if its not your domain – Englert 30/11, 2012 at 1:26

But they still get set if I'm to override them. It's like committing a crime and then hiding the evidence. – Unmusical 30/11, 2012 at 9:24

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags