Hi Guys!The client I work for wants me to offer a satisfaction survey, however this survey will only be offered once based on values saved in cookies and these cookies will last for one month, I'm trying to understand the best way to do this implementation, could anyone please make suggestions?
Hello Fabiano,
You can use Actions from the HTTPRequestHandler system extension to handle cookies, but I would advise you to consider if cookies make sense for your requirements. They should be an option if you must offer this survey to anonymous users, since there's no way to identify them if they don't login - if the survey would only be offered to authenticated users, you could store everything server side associated with a User Id.
If you must resort to cookies, my advice would be to generate a unique identifier (a GUID, for instance) and associate it with each user that accesses the application without this cookie. You'd keep all associated information to this identifier serverside in an Entity and not store anything clientside besides the identifier - this keeps your users from tampering with whatever flags and logic you associate with your cookies.
@Afonso Carvalho, I agree with you, but the user wants it that way even though they argue that it would make more sense to save the information on the server.
And I still need to store this cookie information for 31 days
If you have to use them, I'd just use them strictly to identify your user. One identifier, and then the rest of the necessary fields in your database, with the identifier as your key. If your user insists that the actual information needs to be stored in the browser, then I'd at least try to obfuscate their values.
It depends on how robust you need the survey mechanism to be - if there's no issue with users being able to tamper with the process, then you can just store everything in cookies and accept the possibility.
You can use SetCookie and GetCookie actions from HTTPRequestHandler extension which you can add to your module.
Hello,
If you have to use cookies, then most important aspect that needs attention is security. Please refer below post for guidelines.
https://success.outsystems.com/documentation/11/developing_an_application/secure_the_application/enable_secure_session_cookies_and_set_application_cookies_as_secure/
Hope it helps!
Junaid