[MGNLPRIV-27] Wrong path for privacy cookie(s) 'mgnlVisitorId' Created: 08/Jun/18  Updated: 15/Jun/18  Resolved: 15/Jun/18

Status: Closed
Project: Privacy
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Christoph Meier Assignee: Unassigned
Resolution: Obsolete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: GDPR consents

 Description   

I have observed, that the cookie mgnlVisitorId - used for the visitor tracking to store consent for personal data such as email - is set 2 times with 2 different paths:

  • $context/travel
  • $context/travel/contact

This happens when following the typical procedure of using the form, then giving consent with the email link.
For this case we should definitely store just one cookie just with /.

Whether that's an issue with other cookies too - I don't know, to be verified.

According to Roman we may want to set a default value / (I guess in the CookieDefinition)?

A first interpretation is, that, if there is no path given, the HTTP cookie API sets the path for the cookie for the given request URL path.



 Comments   
Comment by Roman Kovařík [ 11/Jun/18 ]

According to Roman we may want to set a default value / (I guess in the CookieDefinition)?

Thinking about it again, I suggest to not add a default value and properly explain in the field description of the detail subapp:

  • leave empty if the cookie should be valid just for the subtree of the active page
  • use "/" if the cookie should be valid for whole domain.

Then we need set "path=/" for the mgnlVisitorId cookie.

Comment by Christoph Meier [ 11/Jun/18 ]

I agree rkovarik. I will mention this in the docs.

Setting / to the cookie definition means $context/, right?

However, the cookie definition of the visitorId then requires to be set accordingly.

Comment by Roman Kovařík [ 11/Jun/18 ]

Setting / to the cookie definition means $context/, right?

Not really, it's literally "/".

The impression that the default is $context/ probably comes from this:
If you see e.g.
NEW_VISITOR new localhost /magnoliaAuthor 6/12/2018, 8:50:05 AM 14 B ✓
It's only because /magnoliaAuthor was the first requested URI (before logging in).

In production, author and public are deployed under different domains so the context path "/" is "standard" path for cookies, no need for a context path.

 

Comment by Roman Kovařík [ 15/Jun/18 ]

Closing and marking as obsolete, mgnlVisitor cookie was dropped.

There can be still a possible issue regarding the coookies_consent cookie.

cmeier claims that he had two different cookies for different paths.

Since 

 

  • I cannot reproduce
  • The cookie is set by a 3th party library
  • Probably also not critical (compared to the original problem with mgnlVisitorId)

I'm closing this ticket. Please reopen if needed.

Generated at Mon Feb 12 10:30:56 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.