@SharkyKZ thanks for the review. I will address them all later. Be aware though that almost all the code you commented on is copy paste from other j4 plugins.

Suggest to use same system used for offline message, i.e. possibility to use default (core lang string) or Custom, that last one with the possibility to use a lang constant (i.e. passing through Text::_() )

possibility to use default (core lang string) or Custom, that last one with the possibility to use a lang constant (i.e. passing through Text::_() )

@infograf768 it does have that already as stated in the first post.

That is not exactly what i suggested.
I suggested to have the choice between a default string which would exist in core and what you display above. similar to what we have for offline message.
this means 2 fields, not one.

this means 2 fields, not one.

No thats not a good solution at all and imho should be changed

This is the same solution used for several plugins for a long time so it is consistent behaviour with them.

No thats not a good solution at all and imho should be changed

This is the same solution used for several plugins for a long time so it is consistent behaviour with them.

A few remarks and bugs

How does the user know that he has to create a totally new lang string constant in override as overriding the default

PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT by
creating an override for the default
PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT="This website uses cookies to ensure you get the best experience on our website. If you do not know you can create an override and create it for administrator and site, hard luck for you.\n\nAlso, sorry, but Clicking on 'Learn More' will not work because the administrator of this site have not chosen an article to display."

=> No message display in frontend. Bug imho.
Curiously, it displays fine when editing the plugin:

Let's say this is corrected: How to know this without very complex explanations?
No tip to explain that. Again something hidden in a doc somewhere?

Other test, article

Keeping the default without override:
If one does not create an article Learn More is still present. Bug.
Create an article for the Learn More:
It displays in the component area instead of a modal. I suggest to modify ths behavior.

Other test: new constant

Creating a new constant for the Message:
PLG_SYSTEM_COOKIECONSENT_MESSAGE_MYTEXT="This website uses cookies to ensure you get the best experience on our website. If you do not know you can create an override and create it for administrator, hard luck for you.\n\nAlso, sorry, but Clicking on 'Learn More' will not work because the administrator of this site have not chosen an article to display."

Override string

Result => untranslated string

Testing further

I added the string in en-GB.ini.
No change. =>bug.

basically, the only way I found to modify the message was to edit the string PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT in the en-GB.plg_system_cookieconsent.ini file or enter a text in the field.

Learn More

This one can be overriden fine
PLG_SYSTEM_COOKIECONSENT_POLICY_TEXT_DEFAULT="Learn more if you need"
works ok if you add in site language overrides.

Hope this helps.

I will repeat - the code/ui here is the same as for the user/terms plugin, the content/confirmconsent plugin and the user/profile plugin

I will repeat - the code/ui here is the same as for the user/terms plugin, the content/confirmconsent plugin and the user/profile plugin

I have just demonstrated that it is broken for this one.
Just test.

PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT in the en-GB.plg_system_cookieconsent.ini file or enter a text in the field.

That is the expected behaviour

That is the expected behaviour

I guess you are very confused. Read your own post above:
#26301 (comment)

Found out the culprit for the message override.
The override created value should never contain non-escaped singlequotes or counterslashes.

Or. rather, adding addslashes().
Example in .../plugins/system/cookieconsent/cookieconsent.php
$message = addslashes($this->params->get('message-text', Text::_('PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT')));

will solve the issue.
same for other possible overrides

Which gives (to also take care of the absence of an article):

		// Get the settings from the plugin
		$position         = $this->params->get('position', 'bottom');
		$layout           = $this->params->get('layout', 'block');
		$bannercolour     = $this->params->get('bannercolour', '#000000');
		$buttoncolour     = $this->params->get('buttoncolour', '#ffffff');
		$buttontextcolour = $this->params->get('buttontextcolour', '#383b75');
		$bannertextcolour = $this->params->get('bannertextcolour', '#f1d600');
		$message          = addslashes($this->params->get('message-text', Text::_('PLG_SYSTEM_COOKIECONSENT_MESSAGE_TEXT_DEFAULT')));
		$dismiss          = addslashes($this->params->get('button-text', Text::_('PLG_SYSTEM_COOKIECONSENT_BUTTON_TEXT_DEFAULT')));
		$valid            = $this->params->get('valid', '-1');
		$href             = $this->getAssignedPolicylinkUrl();
		$link             = $href ? addslashes($this->params->get('policylink-text', Text::_('PLG_SYSTEM_COOKIECONSENT_POLICY_TEXT_DEFAULT'))) : '';

I have tested this item ? unsuccessfully on 222c2ea

Missing addslashes as posted above.

Also, contrary to Terms and Conditions for example,the article is not loaded in a modal.

The Cookie Directive is changing to the effect that the previously used opt-out variant is then no longer permitted. With the opt-out variant, the visitor does not necessarily have to give consent to the use of cookies, but tacit consent was possible.

This is now changing to the effect that consent to the use of cookies is required or, alternatively, the deactivation of cookies should be possible. All this under the premise that the website content should also be made available if the visitor deactivates the use of cookies and if possible directly at the beginning before the actual use of the website.

In addition the possibility to maintain the external tracking scripts is missing here. If you only use Joomla session cookies you don't need the consent anyway.

The Cookie Directive is changing to the effect that the previously used opt-out variant is then no longer permitted.

I didnt find anything about this change but its not relevant to this pr anyway

In addition the possibility to maintain the external tracking scripts is missing here.

Beyond the scope of this pr as described in the original post and extensions are available for this

If you only use Joomla session cookies you don't need the consent anyway.

Its not just session cookies that joomla sets ;) I personally agree with you that they are cookies that you dont need consent for but it seems that the majority of the uninformed do not agree.

The Cookie Directive is changing to the effect that the previously used opt-out variant is then no longer permitted.

I didnt find anything about this change but its not relevant to this pr anyway

I think he is talking about this german article and the paper (Un)informed Consent: Studying GDPR Consent Notices in the Field it's based on

Well then that doesn't apply here as it is not about GDPR and I prefer to work with what the law says not what an article says

Well then that doesn't apply here as it is not about GDPR and I prefer to work with what the law says not what an article says

That's what they do too ;-)

On May 25, 2018, the European Union’s General Data Protection
Regulation (GDPR; Regulation (EU) 2016/679) went into effect. Its
Article 6 contains six legal bases for the processing of personal
data of European residents, including that “the data subject has
given consent to the processing of his or her personal data for one
or more specific purposes”. Recital 32 of the GDPR and guidelines
published by EU data protection authorities [6] require for valid
consent “a clear affirmative act” that is a “freely given, [purpose-
]specific, informed and unambiguous indication of [...] agreement
to the processing of personal data.” Another document clarifies the
relationship between the ePrivacy Directive (2002/58/EC) and the
GDPR for the use of cookies: Article 5(3) of the directive governs
access to non-necessary cookies in the user’s browser, whether it
contains personal data or not, while the GDPR applies to subsequent
processing of personal data retrieved via cookies [15].

And as you mention already in your description:

This is the approach used by most websites, and appears to be sufficient in the UK. Other countries may have stricter rules and may warrant a stricter solutions for which other extensions are available.

I don't think it makes sense to only full fill the requirements to the subset of the countries requiring the cookie policy. Also the ePrivacy directive could be more strict (if it ever comes).

This is not about GDPR and personal data

patch could not be applied for test...

some basic thoughts about cookie consent:
actually it is about gdpr according to Recital 78 - privacy by default (https://gdpr-info.eu/recitals/no-78/ ). But foremost it is about the Directive 2002/58/EC - Article 5 3. wich says: within the EU and for EU citizens, an explicit opt-in procedure must be used. However, this applies exclusively to the use of tracking cookies and cookies for advertising purposes.
Session cookies, user cookies or 'remember me' cookies do not need any consent or information.

I'm afraid that this plugin is not necessary in this form, and may even cause damage if someone thinks it is legally compliant.

I have tested this item ✅ successfully on 55532f0

works but is not sufficient to run a gdpr/ePrivacy compliant Website! (see comment)

I have tested this item ? unsuccessfully on 55532f0

cannot test, npm i error (Cannot find module 'walk-sync')

Session cookies, user cookies or 'remember me' cookies do not need any consent or information.

With this information and the hint that you may treat tracking and further analysis cookies separately and may not set cookies without consent, the question arises whether this should really be a core plugin.
However, the "Cookie Consent by Osano" script can do even more. It offers the possibilities of consent and rejection. But also not without adjustments by the user and then it again becomes very complicated for the normal user. But there are already many extensions in JED that do this partly based on the "Osano" solution or even go further than required today.