Cookie Policy Consent – free script implementation

No Comments » Written on June 12th, 2012 by
Categories: Scripts

The European Union has adopted several laws in regards to online privacy, and it requires webmasters with visitors from within the EU area to ask for each user’s consent to place any cookies on their browser. If you are a webmaster, chances are your website will set at least one cookie in your visitors’ browsers, and as EU laws start to fade in in application, you should comply with these requests or you can face fines.

Cookies are small files set by a website in the web browser, used for different purposes: tracking (if you have a tracking script like Google Analytics or any other), session cookies (used to show specific content per visiting session), third party cookies (set by other companies you have listed on your website: advertising, analytics, affiliate tracking etc).

These being said, even though less than 5% of the websites comply with the new laws (as of time of writing this article), we are about to see if these cookie privacy laws have any success in application. Should you decide to comply or not, it is at your own decision, but for those interested I have found a free script that can be used for getting user consent for setting up cookies in their web-browser.

How to implement Cookie Consent script

This script uses a free javascript location detection that prompts the Cookie Consent message only to visitors from Europe. This way, you do not need to pop-up the Consent Request message to users from other countries where is not necessary.

If the user gives his/her consent, a cookie is set for 90 days, giving the user full access to the website. If the user does not consent, the script will redirect the user to a static cookie consent page.

First of all, create a file called cookieConsent.js and copy the following code to it:

Code for cookieConsent.js/**
* Script by Portent, an internet marketing agency.

// change this variable to match your domain
var sitedomain = "";

function cookieConsent(sGeobytesInternet,sGeobytesMapReference) {
if (! Get_Cookie( 'cookieConsent' ) == true ) {
if (typeof(sGeobytesInternet) == "undefined") {
// Something has gone wrong with the variables, so set them to some default value,
// maybe set a error flag to check for later on.
var sGeobytesInternet = "unknown";
if (typeof(sGeobytesMapReference) == "undefined") {
var sGeobytesMapReference = "unknown";
if (sGeobytesMapReference == "Europe") {
if (confirm("We need your consent to set browser cookies we use on this site. Press 'OK' to give your consent. For more information, please read our privacy policy.")) {
// parameters for Set_Cookie: name, value, expires, path, domain, secure
Set_Cookie( 'cookieConsent', true, '90', '/', sitedomain, '' );
} else {
// parameters for Delete_Cookie: name, path, domain
Delete_Cookie('cookieConsent', '/', sitedomain);
window.location = "http://www." + sitedomain + "/cookie-consent.htm";
} else if ( Get_Cookie( 'cookieConsent') == false ) {
Delete_Cookie('cookieConsent', '/', sitedomain);
window.location = "http://www." + sitedomain + "/cookie-consent.htm";

function acceptCookies() {
// parameters for Set_Cookie: name, value, expires, path, domain, secure
Set_Cookie( 'cookieConsent', true, '90', '/', sitedomain, '' );
alert("You have consented to allowing cookies. Click 'OK' to continue to the homepage.");
window.location = "http://www." + sitedomain + "/";

function denyCookies() {
// parameters for Delete_Cookie: name, path, domain
Delete_Cookie('cookieConsent', '/', sitedomain);
alert("You have choosen to NOT consent to allowing cookies.");
window.location = "http://www." + sitedomain + "/cookie-consent.htm";

function Set_Cookie( name, value, expires, path, domain, secure ) {
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );

if the expires variable is set, make the correct
expires time, the current script below will set
it for x number of days, to make it for hours,
delete * 24, for minutes, delete * 60 * 24
if ( expires )    {
expires = expires * 1000 * 60 * 60 * 24;
var expires_date = new Date( today.getTime() + (expires) );

document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );

function Get_Cookie( check_name ) {
// first we'll split this cookie up into name/value pairs
// note: document.cookie only returns name=value, not the other components
var a_all_cookies = document.cookie.split( ';' );
var a_temp_cookie = '';
var cookie_name = '';
var cookie_value = '';
var b_cookie_found = false; // set boolean t/f default f

for ( i = 0; i < a_all_cookies.length; i++ ) {
// now we'll split apart each name=value pair
a_temp_cookie = a_all_cookies[i].split( '=' );

// and trim left/right whitespace while we're at it
cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');

// if the extracted name matches passed check_name
if ( cookie_name == check_name ) {
b_cookie_found = true;
// we need to handle case where cookie has no value but exists (no = sign, that is):
if ( a_temp_cookie.length > 1 )    {
cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
// note that in cases where cookie is initialized but no value, null is returned
return cookie_value;
a_temp_cookie = null;
cookie_name = '';
if ( !b_cookie_found )    {
return null;

// this deletes the cookie when called
function Delete_Cookie( name, path, domain ) {
if ( Get_Cookie( name ) ) document.cookie = name + "=" +
( ( path ) ? ";path=" + path : "") +
( ( domain ) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";

Second, make sure you include the javascript file on every page of your website, using the following code (the code must be implemented in the header of your web-pages)

Code implemented in the web-page Header<script src="cookieConsent.js" type="text/javascript"></script>

Third, initiate the script by implementing the following code on all your web-pages (the code must be implemented above the end body tag of your pages – before </body>)

Code implemented before the end </body> tag<script src=",sGeobytesCountry,sGeobytesMapReference"></script>

Forth, create a Static Cookie Consent page where visitors are redirected if they don’t give their consent on the use of cookies. This page should not set any cookies, so stay away from implementing analytics or advertising codes on this page. The page should have a message something similar to bellow (but you can adapt it to your own need, and if you are a big business, make sure your discuss this with your lawyers as well):

Static Cookie Consent page<!-- Script by Portent, an internet marketing agency. -->
<script src="cookieConsent.js" type="text/javascript"></script>


Europe requires that we alert our visitors if we use cookies on our website. We only use cookies for traffic data purposes and do not store any personal data. For more information, please visit our Privacy Policy.

<strong>To use our website, <a onclick="acceptCookies();" href="javascript:void(0)">click here to consent to accepting cookies.</a></strong>

To no longer use cookies on our site, <a onclick="denyCookies();" href="javascript:void(0)">click here</a>.

Having done all these above steps will bring you in compliance with new EU cookie laws that already started being implemented in the UK.

The script was developed and offered for free by Portent – UK Cookie Law Solution.