According to GDPR regulations you might need to add a banner on your site where a website visitor can accept/reject cookies.

A basic cookies modal can look like this:


We can store this decision in session[:cookies_accepted].

If a user accepts - expect normal website behavior.

If a user rejects - you might want to disable some tracking services:

<%= render "shared/google_analytics" if (session[:cookies_accepted] == true) %>


Generate views, controllers, routes for our cookies:

# Terminal
rails g controller cookies index
  • Render the cookies view inside a turbo_frame_tag;
  • Display links to accept/reject modals:
# app/views/shared/cookies_banner.html.erb
<%= turbo_frame_tag :cookies_modal do %>
  <% if session[:cookies_accepted].nil? # don't re-render if a true/false selected %>
    <section class="cookies-modal">
      <h3>We process cookies.</h3>
      <%= link_to "Accept cookies", cookies_path(cookies: true), method: :post %>
      <%= link_to "Reject cookies", cookies_path(cookies: false), method: :post %>
  <% end %>
<% end %>

Positioning the modal with css:

/* app/assets/stylesheets/application.css */
.cookies-modal {
  position: absolute;
  padding: 0.5rem;
  z-index: 2;
  left: 0.5rem;
  bottom: 0.5rem;
  min-width: 50%;
  max-width: 24rem;
  word-break: break-word;
  border-radius: 6px;
  background: #bad5ff;

A simplistic route:

# config/routes.rb
  get 'cookies', to: 'cookies#index' 

Display cookies template, update preferences based on selected accept/reject params:

# app/controllers/cookies_controller.rb
  def index
    session[:cookies_accepted] = params[:cookies] if params[:cookies]

Finally, to make the cookies modal visible in the app, conditionally display a turbo_frame pointing to the cookies_banner in the layout, if the cookies true/false has not yet been selected:

# app/views/application.html.erb
<%= session[:cookies_accepted] # display selected value for testing purposes %>
<%= turbo_frame_tag :cookies_modal, src: cookies_path if session[:cookies_accepted].nil? %>

P.S. for setting session[:cookies_accepted] to nil and re-testing the above, you can simply add the below line to any #GET controller action in your app and visit the page:

# app/controllers/home_controller.rb
class HomeController < ApplicationController
  def index
+    session[:cookies_accepted] = nil

That’s it!

Alternatively, there are some cookies/GDPR gems: