You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment, when a user changes any of their consent settings to disallow, we delete all cookies except for the consent cookie.
This is a bit of a heavy-handed approach.
If a user decides to disallow "marketing" type cookies we should not delete cookies of other types such as "necessary" or "statistics".
The way cookiebot works is a list of cookie names and categories is maintained on their service. When a user disallows a cookie type, the cookiebot API is called and appropriate cookies are deleted.
Cookiebot's API is not for 3rd party use, so we can't use it, we would have to create our own cookiebot-like backend service.
This introduces a lot complexity of maintaining a backend service to manage the list.
2. Cookie whitelist
Add a configuration option to whitelist necessary cookies such as login tokens. If a cookie is on the list, it never gets deleted. All other non-whitelisted cookies would still be deleted
The text was updated successfully, but these errors were encountered:
At the moment, when a user changes any of their consent settings to disallow, we delete all cookies except for the consent cookie.
This is a bit of a heavy-handed approach.
If a user decides to disallow "marketing" type cookies we should not delete cookies of other types such as "necessary" or "statistics".
Related code: https://github.com/nhsuk/cookie-consent/blob/master/src/cookieconsent.js#L139
Possible solutions
1. Cookie list API
The way cookiebot works is a list of cookie names and categories is maintained on their service. When a user disallows a cookie type, the cookiebot API is called and appropriate cookies are deleted.
Cookiebot's API is not for 3rd party use, so we can't use it, we would have to create our own cookiebot-like backend service.
This introduces a lot complexity of maintaining a backend service to manage the list.
2. Cookie whitelist
Add a configuration option to whitelist necessary cookies such as login tokens. If a cookie is on the list, it never gets deleted. All other non-whitelisted cookies would still be deleted
The text was updated successfully, but these errors were encountered: