[MGNLPRIV-27] Wrong path for privacy cookie(s) 'mgnlVisitorId' Created: 08/Jun/18 Updated: 15/Jun/18 Resolved: 15/Jun/18 |
|
| Status: | Closed |
| Project: | Privacy |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Christoph Meier | Assignee: | Unassigned |
| Resolution: | Obsolete | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: | |
| Epic Link: | GDPR consents |
| Description |
|
I have observed, that the cookie mgnlVisitorId - used for the visitor tracking to store consent for personal data such as email - is set 2 times with 2 different paths:
This happens when following the typical procedure of using the form, then giving consent with the email link. Whether that's an issue with other cookies too - I don't know, to be verified. According to Roman we may want to set a default value / (I guess in the CookieDefinition)? A first interpretation is, that, if there is no path given, the HTTP cookie API sets the path for the cookie for the given request URL path. |
| Comments |
| Comment by Roman Kovařík [ 11/Jun/18 ] |
Thinking about it again, I suggest to not add a default value and properly explain in the field description of the detail subapp:
Then we need set "path=/" for the mgnlVisitorId cookie. |
| Comment by Christoph Meier [ 11/Jun/18 ] |
|
I agree rkovarik. I will mention this in the docs. Setting / to the cookie definition means $context/, right? However, the cookie definition of the visitorId then requires to be set accordingly. |
| Comment by Roman Kovařík [ 11/Jun/18 ] |
Not really, it's literally "/". The impression that the default is $context/ probably comes from this: In production, author and public are deployed under different domains so the context path "/" is "standard" path for cookies, no need for a context path.
|
| Comment by Roman Kovařík [ 15/Jun/18 ] |
|
Closing and marking as obsolete, mgnlVisitor cookie was dropped. There can be still a possible issue regarding the coookies_consent cookie. cmeier claims that he had two different cookies for different paths. Since
I'm closing this ticket. Please reopen if needed. |