Frontend IntegrationCookie Consent Management

Cookie Consent Management

How to keep Sophi usable from the first page view while respecting GDPR/KVKK cookie rules.

This page explains how to keep Sophi usable from the first page view while respecting GDPR/KVKK cookie rules.

Recommended approach for most storefronts:

  1. Load Sophi on all pages (including before consent), often via SDK GTM Integration.
  2. Start in memory-only mode (storageConsent: false).
  3. Upgrade to persistent mode immediately when cookie consent is granted.

This gives visitors an instant chat experience and keeps tracking/storage behavior aligned with your consent policy.

Before consent is granted:

  • No cookies or localStorage are written or read. The chat session lives only in memory, so the visitor starts fresh on every page load.
  • The chat works fully as a guest — no userId is sent to the backend, so the session is never linked to a known user.
  • The Web Object analytics SDK stays completely passive: no session is created and no events are sent until consent is granted.

When consent is granted, the SDK upgrades in place: it persists the current in-memory session to cookies and (for logged-in users) merges the guest session into the user account.

Chat vs. analytics

The chat (sophi-web-sdk) runs anonymously as a guest because it is a service the visitor explicitly requested. The Web Object analytics SDK (sophi-web-object) sends nothing until consent — tracking requires consent.

storageConsent flag

A single flag controls consent-aware behavior end-to-end. It defaults to true (the existing persistent behavior), so memory-only pre-consent mode is strictly opt-in and existing integrations are unaffected.

SurfaceHow to set it
Widget Launcherconsent: { storage: false } in window.sophiWidgetConfig
Web SDK (SophiWidget.init)storageConsent: false
Web Object (window.sophi_object.config)storageConsent: false

When the visitor accepts cookies, call the matching method. The open chat is upgraded in place — the conversation is not lost.

// e.g. inside your cookie banner's "Accept" handler
window.sophiWidget.setConsent(true);
widget.setStorageConsent(true);
window.SophiTracker.setConsent(true);

Calling the same method with false withdraws consent at runtime: cookies are cleared and the SDK falls back to memory-only.

Runtime upgrade flow

The sequence below shows what happens when a logged-in visitor accepts cookies while the chat is open:

Loading diagram…
  • For guest visitors, only the cookies are written — no merge.
  • For logged-in visitors, the existing guest session is merged into the user via Sophi's standard endpoint. No extra backend work is required.

GTM-first integration guidance

If you use GTM, this is the preferred rollout pattern:

  • Load the widget on all pages through GTM.
  • Initialize with storageConsent: false until consent is granted.
  • On banner accept, call setConsent(true) / setStorageConsent(true).
  • Keep Web Object passive until consent, then enable it with the same consent signal.

If your policy requires loading nothing until consent, use a strict consent-gated setup from SDK GTM Integration.

Why this structure

Splitting cookie consent handling into its own section improves usability for integration teams:

  • Product and legal teams can review policy impact in one place.
  • Frontend teams can implement a single consent signal across SDK surfaces.
  • GTM owners can follow a clear activation path without reading low-level SDK details first.

On this page