Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Selectively delete cookies when user disables a setting #102

Open
mikemonteith opened this issue May 4, 2020 · 0 comments
Open

Selectively delete cookies when user disables a setting #102

mikemonteith opened this issue May 4, 2020 · 0 comments

Comments

@mikemonteith
Copy link
Contributor

At the moment, when a user changes any of their consent settings to disallow, we delete all cookies except for the consent cookie.

This is a bit of a heavy-handed approach.
If a user decides to disallow "marketing" type cookies we should not delete cookies of other types such as "necessary" or "statistics".

Related code: https://github.com/nhsuk/cookie-consent/blob/master/src/cookieconsent.js#L139

Possible solutions

1. Cookie list API

The way cookiebot works is a list of cookie names and categories is maintained on their service. When a user disallows a cookie type, the cookiebot API is called and appropriate cookies are deleted.
Cookiebot's API is not for 3rd party use, so we can't use it, we would have to create our own cookiebot-like backend service.
This introduces a lot complexity of maintaining a backend service to manage the list.

2. Cookie whitelist

Add a configuration option to whitelist necessary cookies such as login tokens. If a cookie is on the list, it never gets deleted. All other non-whitelisted cookies would still be deleted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant