Cookie banner implementation

In Europe website cookies are a huge topic for every website.

What‘s best practice to implement a cookie banner on the login page ?

Server Setup Information

  • Version of Rocket.Chat Server: 0.74.3
  • Operating System: Ubuntu 18.04 LTS

Thank god for ublock. I should file a carpel tunnel lawsuit against the EU :slight_smile:

1 Like

Cookie banners are not something we have a best practice around. I think we like everyone else hate them. Surely if not adding tracking cookies you don’t actually need one? I’m not from EU so not up on this cookie banner stuff. If you have some reading on it would gladly take a look and pass along

Thanks guys for your feedback. This topic was pretty knew to me and I think I found some sources that explain it very well. If I look at the current implementation it only uses session cookies. As @aaron.ogle mentioned if you not explictly add additional cookies on your setup you just have to refer in the terms of service on the login page that you use session cookies. You don’t have to implement an active acception of cookies or a cookie banner.


Sorry the source is German… but should give you an idea that GDPR distinguishes between technical necessary cookies (session cookies ) and unnecessary cookies.

  • Session cookies that store certain user settings (for example, the shopping cart, language settings, or log-in data)
  • Flash cookies for playing media content
  • Cookies that are set by affiliated payment service providers (regardless of a specific payment), provided that they do not analyze specific usage behavior, but only serve to prepare for possible payments or to verify a payment authorization
  • Opt-out cookies used to revoke cookie consent

I’m not a lawyer but the author of the source above is - don’t blame me if I misinterpreted this or the rules change in future - but at least I tried my best to solve this. We will run our implementation without a cookie banner and mention the use of session cookies in the terms of service.