X-Cart:EU Cookie Law

From X-Cart 4 Classic
Jump to: navigation, search

Important: On 14 April 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) 2016/679 - a piece of legislation concerning the protection of personal data and privacy for all individuals within the European Union and the export of personal data outside the EU. The GDPR replaces the 1995 Data Protection Directive.

On 25 May 2018, after a two-year transition period, the GDPR becomes enforceable.

The new EU regulation will impact business not only in the EU but those outside as well - if they process the personal data of EU residents (for example, collect email addresses, monitor the behavior of site visitors by IP, etc). Organizations in non-compliance may face heavy fines.

To help X-Cart 4 Classic stores comply with the requirements of the new regulation easier, we’ve created a new module - GDPR-friendly. The new GDPR-friendly module is aimed to replace the EU cookie law module which used to be available as part of the core functionality in older X-Cart versions. The GDPR-friendly addon includes all the features of the EU cookie law module and provides more GPDR-specific features on top of that.

More information on GDPR is available in our blog article GDPR Is Almost Here, Impacting Online Stores in EU and Outside. X-Cart Is Ready.

EU Cookie Law module

X-Cart 4.5.1or above

X-Cart's EU Cookie Law module is a solution for X-Cart shop owners in the European Union looking to comply with the law requiring user consent when using cookies.

EU Cookie Law is available as a built-in module in all X-Cart editions starting with version 4.5.1. Implementation of the EU Cookie Law module functionality in earlier X-Cart versions is possible upon request.


In 2009 European legislation regulating the use of cookies and similar technologies for storing information was changed: Directive 2002/58/EC concerned with the protection of privacy in the electronic communications sector, otherwise known as e-Privacy Directive, was amended by Directive 2009/136/EC; this included a change to Article 5(3) of the Directive, which is applicable to cookies. Revised Article 5(3) says that information (including cookies) can be stored on a user's computer, or accessed from that computer, only if the user "has given his or her consent, having been provided with clear and comprehensive information ... about the purposes of the processing." An exception is made for cookies deemed to be "strictly necessary" for the delivery of a service requested by the user.
By May 25, 2011, the Directive was to be transposed into the national laws of the EU's 27 member states. Although this deadline was missed by many states, the majority managed to comply with the EU cookie law by June 2012.
Controversial as it may be, the EU cookie law is here to stay, so we came up with a solution that can help you to comply with its requirements.

EU Cookie Law module overview

Here is an overview of the EU Cookie Law module features.

In a store with enabled EU Cookie Law module, first time visitors see a panel along the top side of the webpage which informs them that the store they are visiting uses cookies, and, according to the current cookie settings, all cookies are allowed for the best shopping experience:

EU cookie law panel.png

The panel provides a clear indication that the visitors can choose either to consent to the use of all available cookies or to change the existing cookie settings to refuse some of the cookies.

The visitors can indicate their acceptance of all cookies by continuing to use the store website without changing the cookie settings. The cookie information panel will be hidden automatically in 60 seconds (60 seconds is the default value; if necessary, the store administrator can readjust the cookie information panel display time). There is also the Close button which the visitors can click to get the panel out of the way before its display time period expires.

For the visitors who are not ready to allow all cookies, there is the Change settings button. By clicking this button, the visitors can access the 'Change cookie settings' panel where they can obtain detailed information as to what cookies are used in the store and what they do, as well as indicate which cookies they wish to accept, and which to refuse. The Change cookie settings panel opens in a JavaScript popup:

Change cookie settings popup.png

For users' convenience, all the cookies have been divided into three types: strictly necessary, functional and other. "Strictly necessary" are cookies without which the store website will not be able to function properly; according to the EU cookie law, such cookies can be used without the need for the visitors' consent. As you can see from the screenshot above, the 'disable' option for this type of cookies is not provided. Unlike "strictly necessary" cookies, "functional" and "other" cookies can be freely enabled/disabled by users according to their preferences, with the reservation that disabling these cookies will result in certain features of the website becoming unavailable. To find out what cookies in X-Cart belong to which type, see the section X-Cart cookies below.

Note that after the cookies information panel has been closed, the visitors will still be able to access the 'Change cookie settings' panel at any time via the Change cookie settings link in the 'Special' section:

Cookie settings link.png

After a store visitor defines his or her cookie preferences using the 'Change cookie settings' panel, the preferences are saved to his or her user profile, provided that the visitor has one and is logged in, or - if the visitor is not a registered user or is not logged in - are placed on the visitor's computer in the form of a cookie. Thus, on their subsequent visits to the store, the users will not have to readjust their cookie preferences for the store website again.

Note that the 'Change cookie settings' panel allows users not only to define how they wish to treat future cookies, but also to control the cookies that might have already been set onto their computer as a result of using the store website: if, by the time a user decides to refuse certain type(s) of cookies, the said cookies are already stored on his or her computer, they will be removed as soon as the user clicks the Save and close button on the panel to save the respective 'disable' prefereces.

X-Cart cookies

To find out whether a specific cookie used by your store is "strictly necessarry", "functional" or "other", you can refer to the EU Cookie Law module configuration file <xcart_dir>/modules/EU_Cookie_Law/config.php. This file defines your store's "strictly necessary" and "functional" cookies. The "strictly necessary" cookies are listed in the $config['EU_Cookie_Law']['strictly_necessary_cookies'] variable, whereas the list of "functional" cookies can be seen in the $config['EU_Cookie_Law']['functional_cookies'] variable. Typically, the said lists will include the following cookies:

Strictly necessary cookies
$XCART_SESSION_NAME Remembers the user's shopping cart contents
Remembers the user's personal account information (name, address, orders history, etc)
eucl_cookie_access EU Cookie Law module cookie; stores the user's cookie preferences
Functional cookies
$XCART_SESSION_NAME . 'C_remember'
$XCART_SESSION_NAME . 'B_remember'
$XCART_SESSION_NAME . 'A_remember'
$XCART_SESSION_NAME . 'P_remember'
Allow to restore the user's context (store codes that allow X-Cart to know where to redirect the user after log-in, store some parameters for wishlist and special offers bonuses pages)
Remember the user's membership in an affiliate program (if any)
Stores MailChimp campaign ID and landing site
GreetingCookie Remembers the user's name for the greeting message
Allow collection of statistics on the user's purchases
RefererCookie Stores the URL of the site from which the user came to the store
store_country Remembers the user's country preferences (MultiCurrency module)
store_currency Remembers the user's currency preferences (MultiCurrency module)
store_language Remembers the user's language preferences

Note that both the lists are not something permanent: if you install any modules at your store, the cookies used by these modules can be added to the lists.

"Other" cookies are all the cookies that are not listed in the $config['EU_Cookie_Law']['functional_cookies'] and $config['EU_Cookie_Law']['strictly_necessary_cookies'] variables. For example, __utma, __utmb, __utmc (Google Analytics).

Enabling the EU Cookie Law module

The EU Cookie Law module is disabled in X-Cart by default. To be able to use this module in your store, you need to enable it.

To enable the module:

  1. In Admin area, go to the Modules section (Settings menu->Modules).
  2. Choose the 'EU Cookie Law' item by selecting the respective check box on the left.
  3. Click the Apply changes button. This activates the module.

The module does not require any additional configuration and will work out of the box.

Changing the cookie informantion panel display time

The time for which the cookie information panel is displayed during a user's first visit to the store website is defined by the value of the countdown_sec variable in the file <xcart_dir>/skin/common_files/modules/EU_Cookie_Law/func.js. By default, this value is set to 60 seconds. If you wish to change the cookie information panel display time, edit the file <xcart_dir>/skin/common_files/modules/EU_Cookie_Law/func.js in a plain text editor replacing the "60" in the following line:

var countdown_sec = 60;

with the desired value in seconds.