I'm using Osano Developer plan to integrate a Cookie Consent Manager in my website. My website only has essential cookies and analytics (Google Analytics 4 - GA4) cookies. Initially, the Cookie Consent is working and GA4 cookies are not set until the user opts-in. However, after the opt-in, if the user opts-out I don't see the cookies being removed (I check them at: Google Chrome -> Developer Tools -> Application tab -> Cookies). I was expecting them to be removed or at least a change in the "Expires / Max Age" field.
Another thing I don't understand from "Osano dashboard -> Cookie Management -> Cookies tab", is that GA4 cookies were discovered and I managed them. But in the Osano "Storage Preference Drawer", under the Analytics section it doesn't show the GA4 cookies which is strange (not in my website nor within Osano Storage Preference Drawer preview).
Osano->Consent Management->Customization->Show Drawer, but also not being shown analytics cookies in the website:
Chrome->Developer Tools->GA4 cookies after opt-in and then opt-out:
Related
I'm testing a website that requires cookies for access tokens. I have valid tokens that I'm setting in Chrome's "Application" tab in developer's tools. However, I can't always add cookies because the page is programmed to redirect if there are no cookies available. Thus, I need to be able to set a cookie with my token for this domain while on another domain's webpage. Is there a way to do this or do I have to be on the same page that I want to set cookies for?
I'm trying to filter out employee traffic in Google Analytics via cookie. Our company sets every employee's browser home page to our Intranet (Internal.com). Setting a cookie on Internal.com will give me the best chance at setting cookies for the majority of employees and setting them often.
The problem is, setting a cookie on Internal.com does not translate to Company.com in Google Analytics where I'm actually trying to filter out the traffic.
I do NOT have the ability to change the browser home page to a redirect, such as Company.com/internal > Internal.com.
Is there anyway to allow Company.com to see Internal.com cookies? Is there a way to inject the Google Analytics account ID into the SetCookie function so that it allows it to be read? Are there any other solutions?
Chrome is reporting the following warning:
A cookie associated with a cross-site resource at https://www.googletagmanager.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
I have two warnings of this type. The three cookies I see are gtm_auth, gtm_preview, and gtm_debug. All session cookies. I see gtm_auth is set with Secure attribute (SameSite attribute is empty). The other two cookies do not have either attribute set.
They are classified as analytical cookies, not marketing cookies, by the way.
Using Google Tag Manager, how do I set or modify these cookies? I'm not looking to update the cookies in my code. I imagine adding cookie attributes should be doable using Google Tag Manager. What is Google's stance on how to address this with Google Analytics and Google Tag Manager?
For any of these warnings, if you are not responsible for the domain then you are not responsible for updating the cookies. The Google Tag Manager team will be responsible for updating the relevant code that sets the SameSite attributes for cookies from googletagmanager.com.
At this point, the warnings are purely informational and are not impacting functionality. Enforcing this behaviour in stable Chrome is not scheduled until M80, currently targeted for Feb 2020.
Chrome is already rolling out this change. You can set cookie flag in analytics.js or gtag.js for this to work, for example:
gtag('config', 'G-N2A3FMNDT5', {
cookie_flags: 'max-age=7200;secure;samesite=none'
});
For more information and background, see this blog post: The New cookieFlags Setting In Google Analytics
I am building a django app which requires user authentication for users to surf the web site. I read through many docs and tutorials which say to use set_test_cookie(), test_cookie_worked() and delete_test_cookie() functionality to test whether client's browser supports cookie management.
However this approach requires two requests and views to verify if cookie management is supported in client's browser or not. My question is how to implement Facebook like functionality in cookie management here. Here's how FB handles cookie check -
1) If I am not logged in and I have disabled cookie support then I am not allowed to log in prompting that I must enable cookie support to access my page.
2) Suppose I was logged in before and cookie was set up but I now disable cookie support then if I access facebook.com then it logs me out in just one request and asking me log in again. But if I log in again then it is same as the first case.
3) If I am on my timeline and browsing facebook then without closing that tab if I disable cookie support in browser, I get automatically logged out prompting that cookie support should be enabled.
How does Facebook (same as gmail) know without my sending request that cookie support is disabled in the mid and I get logged out? Does it continuously make Ajax calls to the server? How do I implement this functionality in my django app?
I have this weird problem in IE 9. I have a site which allows a user to login and can also be logged in by a separate website using web service in the background. When logged in, a cookie is created. In fiddler, I can see the user has logged in to my site from the third party website and the cookie is created. The third party site makes an ajax call and the cookie is created in my domain.
But when I click on a link to my site from the third party site, the login page is displayed again. I wrote a debug code that states in the page that the cookie does not exist but I can see in IE settings that the cookie does exist. The cookie expires in 24 hours.
How do I fix it? By the way, it works fine in most other browsers including IE8, IE7, Chrome.
This is similar to - IE9 Separate cookies for third party request - but there is no response there.
There is a limitation introduced in IE 9+. It isolates different zones to access each others' data. For example if a cookie is created in example.com for domain:example.com, a.example.com cannot access the cookie if their zones are different (one is intranet, one is trusted, etc.). You can check the zones in Internet Option -> Security tab.
For more information check Cookie Sharing in Cross-Zone Scenarios