20
Views
6
Comments
Solved
Block Internal cookies until user acceptance
Application Type
Traditional Web
Service Studio Version
11.9.1 (Build 33435)

Hi everyone,

I am trying to setup our application to be GDPR compliance and I would like to block the Internal cookies, osVisitor / osVisit / pageLoadedFromBrowserCache until the user accepts the conditions. 

Since osVisitor and osVisit are server-side I can't access them, so is there a way to block/remove these cookies and set them up again? I checked the SetCookie action from HTTPRequestHandler but doesn't achieve the intended purpose.

Best Regards,

Jorge Cerveira  

Rank: #94
Solution

Hello Jorge,

Hope you are doing well.


The most common way to delete a cookie is to set its expiration date to the past.

You should be able to do it client-side using JavaScript. If you do this in the browser:

function delete_cookie(cookiename) {
  document.cookie = cookiename +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT;';
}

delete_cookie('pageLoadedFromBrowserCache')

and refresh the page after, you will see that the cookie pageLoadedFromBrowserCache will be deleted.


However, for cookies osVisit and osVisitor, you won't be able to delete them using this method. The reason behind it it's the fact that both of these cookies have their HttpOnly flag set and it won't be possible to delete them using JavaScript (according to this documentation and this documentation).


An alternative for this is to delete cookies server-side using C# .NET. This way should allow you to delete any cookie, because it will replace the existing one.

I made an extension for you with this implementation, please refer to attached XIF file. I did some tests and it seems to delete osVisit and osVisitor cookies with no problem :)

About setting them up again, you should be able to do it using SetCookie action from HTTPRequestHandler.


Hope that this helps you!


Kind regards,

Rui Barradas

CookieManagementServer.xif

mvp_badge
MVP
Rank: #72

Hi Jorge,

Although it is possible to delete these cookies as Rui has showed you, please bear in mind that you may lose some functionality in your applications that require user authentication. You can read more about cookies used in OutSystems applications and the consequences of disabling them in this article.

Regards,

Nordin

Rank: #5338

Hi Nordin,

Correct I already checked it out when searching for a solution, this is really last resort and I hope I can avoid it :)


Thanks

Rank: #5338

Thanks Rui! 

That's exactly what I was looking for :)

Rank: #94

Good to know Jorge! Great news :)

You're most welcome!


Kind regards,

Rui Barradas

Rank: #94

Hello guys,

In the follow up of this topic, an idea came up in order to implement a component that allows you to manage the cookies of your applications :)

You can check it in here:

https://www.outsystems.com/forge/component-overview/9847/cookie-management-utils


Kind regards,

Rui Barradas