Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Cookie consent feature #1561

Closed
glennc opened this issue Dec 1, 2017 · 2 comments
Closed

Cookie consent feature #1561

glennc opened this issue Dec 1, 2017 · 2 comments
Assignees
@blowdart @Tratcher
Labels
3 - Done enhancement
Milestone
2.1.0-preview1

Comments

@glennc
Copy link
Member

glennc commented Dec 1, 2017
edited by pranavkm
Loading

In order to help customers implement cookie compliance policies, like GDPR, we want to introduce a few concepts:

  • Cookie Reason when creating a cookie
  • Middleware that detects if consent for cookies of non-essentialreasons has been granted
  • IFeature to allow code to reason about the consent status
  • Modify CookieBuilder so that non-essential cookies can be blocked unless consent has been granted.
@glennc glennc added this to the 2.1.0-preview1 milestone Dec 1, 2017
@glennc
Copy link
Member Author

glennc commented Dec 1, 2017

Cookie Policy Tracking Consent

  • The name "consent" is problematic (Barry doesn't like it)
  • We're reusing CookiePolicy to do this.
  • CookiePolicy changes:
    • Add ITrackingConsentFeature to request
    • Add WithdrawTrackingConsent method to ITrackingConsentFeature
    • Merge TrackingCookieOptions
    • Use the IsTrackingConsentRequired delegate along with the IsEssential property on the cookie to determine if the cookie should be written out
    • Default behavior is for IsTrackingConsentRequired to always return false
  • Add "IsEssential" to CookieBuilder/CookieOptions
  • Template would:
    • Add CookiePolicy middleware.
    • Set IsTrackingConsentRequired to always return true.
    • Add UI that uses IOptions<CookiePolicyOptions>, gets the tracking cookie name and generates UI and JavaScript to set the cookie in the browser.
    • Provide UI to withdraw consent as well (by deleting the cookie).
  • Maybe IsEssential should be a CookiePurpose enum instead of a boolean.
  • Our AppInsights tag helper will need to read the Tracking Cookie feature data to determine if the AppInsights JavaScript is to be rendered.
  • Open Questions/Things:
    • Session Cookies
    • Outgoing links and loading data from other domains
    • Barry needs to 🚲🏠 on the names "tracking" and "consent"

@Tratcher assigned to modify the CookiePolicyMiddleware to support this.

@glennc glennc mentioned this issue Dec 1, 2017
Merged
@glennc glennc changed the title Cookie agreement feature Cookie consent feature Dec 1, 2017
@blowdart
Copy link
Member

blowdart commented Dec 1, 2017

Bah, the GDPR uses consent everywhere, so i acquiesce to Consent being the name.

Consent is wider than tracking cookies, it's "personal data processing", but as here we're limiting ourselves to cookies, and they are not necessarily tracking cookies, how about "IdentifyingCookie(s)", because they identify the user in some manner?

@Tratcher Tratcher mentioned this issue Dec 27, 2017
Closed
Tratcher added a commit that referenced this issue Dec 27, 2017
@Tratcher
Add consent to CookiePolicy #1561
f8b4f4c
@Tratcher Tratcher mentioned this issue Dec 27, 2017
Closed
This was referenced Dec 27, 2017
Closed
Closed
Closed
Closed
This was referenced Jan 1, 2018
Closed
Closed
Closed
@danroth27 danroth27 mentioned this issue Feb 2, 2018
Open
This was referenced Feb 8, 2018
Closed
Closed
@Rick-Anderson Rick-Anderson mentioned this issue Jun 5, 2018
Closed
@cdwaddell cdwaddell mentioned this issue Oct 4, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@blowdart blowdart

@Tratcher Tratcher

Labels
3 - Done enhancement
Projects
None yet
Milestone
2.1.0-preview1
Development

No branches or pull requests
3 participants
@glennc @blowdart @Tratcher