How to store cookies only if the user consents to them?

Hi, I'm implementing OneTrust integration for my client and I encountered one problem. There are cookies categorized as functional ones, related to EpiForms:

.EPiForm_VisitorIdentifier, .EPiForm_BID, EPiForm_{FormGuid}

Is there any way to dynamically set whether cookies should be stored (based on user consent)? I only found a suggestion to set the cookie expiration day to -1, but that would turn the cookies off in general. I want to avoid that. Is there anybody out there who has already walked through such a change?

#256703
Jun 16, 2021 13:06
Not with OneTrust, but with another similar solution. 

Simply override the FormContainer and check if cookie consent is given. If there is no consent, show a message telling the user "form unavailable until consent is given" instead of the form.

#256815
Jun 19, 2021 14:43
For any future readers - here's an alternative that I was able to throw together based on this page https://docs.developers.optimizely.com/content-cloud/v1.2.0-forms/docs/how-cookie-works
I've done some basic tests and it seems to work.

(Edit: Note that this implementation uses Optimizely's internal API)

[ServiceConfiguration(typeof(IVisitorIdentifyProvider))]
public class CustomVisitorIdentifyProvider : DefaultVisitorIdentifyProvider
{
    private static readonly object _lock = new object();

    /// <summary>
    /// The Optimizely container scans all assemblies to find out which implementation gets executed.
    /// If there are multiple implementations, the class with the lowest Order is executed. The Order of the DefaultVisitorIdentifyProvider class is 1000,
    /// so we have to set this value to 1 (or any value lower than 1000).
    /// </summary>
    public override int Order
    {
        get { return 1; }
    }

    public override string BuildVisitorIdentifier(string browserID, string userID)
    {
        // TECH NOTE: When cookies are accessed from multiple threads, exceptions are sometimes thrown even though we use a lock for synchronization.
        // So we surround the code with try/catch to make sure the exception does not break the request.
        lock (_lock)
        {
            try
            {
                var cookieConsent = Context.Request.Cookies["CookieConsent"];

                if (cookieConsent?.Value != "1")
                    return string.Empty;

                return base.BuildVisitorIdentifier(browserID, userID);
            }
            catch (Exception)
            {
                return string.Empty;
            }
        }
    }

    /// <summary>
    /// Get the visitor identifier from the form cookie; returns an empty string when consent has not been given.
    /// </summary>
    public override string GetVisitorIdentifier()
    {
        lock (_lock)
        {
            try
            {
                var cookieConsent = Context.Request.Cookies["CookieConsent"];

                if (cookieConsent?.Value != "1")
                    return string.Empty;

                return base.GetVisitorIdentifier();
            }
            catch (Exception)
            {
                return string.Empty;
            }
        }
    }

    public override void SetVisitorIdentifier(string visitorIdentifier)
    {
        lock (_lock)
        {
            try
            {
                var cookieConsent = Context.Request.Cookies["CookieConsent"];

                if (cookieConsent?.Value != "1")
                    return;

                base.SetVisitorIdentifier(visitorIdentifier);
            }
            catch (Exception)
            {
                // ignored
            }
        }
    }
}
#279931
Edited, May 06, 2022 14:27
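The provider above checks a site-specific `CookieConsent` cookie, while the original question was about OneTrust. The following is an added example, not code from this thread or from Optimizely or OneTrust, of a fail-closed consent check against OneTrust's `OptanonConsent` cookie. It assumes the cookie carries a `groups=` field of `ID:0|1` pairs and that the functional category uses the default ID `C0003` (IDs are configurable per OneTrust setup); `OneTrustConsent` and `HasConsent` are hypothetical names.

```csharp
using System;
using System.Net;

public static class OneTrustConsent
{
    // Assumption: default OneTrust ID for the "Functional" category; verify it in your own OneTrust setup.
    public const string FunctionalGroupId = "C0003";

    // Returns true only when the cookie explicitly records groupId as accepted ("ID:1").
    // A missing cookie, a missing groups field, a malformed entry or an unknown ID all mean "no consent".
    public static bool HasConsent(string rawCookieValue, string groupId)
    {
        if (string.IsNullOrWhiteSpace(rawCookieValue) || string.IsNullOrWhiteSpace(groupId))
            return false;

        foreach (var pair in rawCookieValue.Split('&'))
        {
            var eq = pair.IndexOf('=');
            if (eq <= 0 || !string.Equals(pair.Substring(0, eq), "groups", StringComparison.Ordinal))
                continue;

            // The value may arrive URL-encoded (C0003%3A1) or already decoded (C0003:1).
            var groups = WebUtility.UrlDecode(pair.Substring(eq + 1)) ?? string.Empty;
            foreach (var entry in groups.Split(','))
            {
                var parts = entry.Split(':');
                if (parts.Length == 2 &&
                    string.Equals(parts[0].Trim(), groupId, StringComparison.OrdinalIgnoreCase))
                    return parts[1].Trim() == "1";
            }
            return false; // groups field present, but the category is not listed
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample values, not captured from a real site.
        var samples = new[]
        {
            "version=constructed&groups=C0001%3A1%2CC0003%3A1%2CC0004%3A0", // functional accepted
            "groups=C0001:1,C0003:0",                                        // functional declined
            "version=constructed",                                           // no groups field
            null                                                             // cookie absent
        };
        foreach (var s in samples)
            Console.WriteLine($"{s ?? "(none)"} -> {HasConsent(s, FunctionalGroupId)}");
    }
}
```

In the provider above, each `cookieConsent?.Value != "1"` test would become `!OneTrustConsent.HasConsent(Context.Request.Cookies["OptanonConsent"]?.Value, OneTrustConsent.FunctionalGroupId)`.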