Working with cookies and consent

Sitevision 9.1 introduces a new API to work with cookie consent in Sitevision.

SiteCookieUtil

SiteCookieUtil is a new utility API designed to manage users cookie consent. The API can be used to retrieve sv:siteCookie nodes on the current site (i.e. cookies registered on the site), as well as checking user consent and generating user consent cookie value.

Cookie registration

All cookies used on a site need to be registered in order to obtain consent. Cookies are registered in the new Cookie section found in the Functions category of the Site settings. There are five different categories where cookies can be added to. Each category has a title and description which can be retrieved from SiteCookieUtil (useful when developing custom solutions).

Cookie registration in the Sitevision editor

Once a cookie is registered it can be retrieved as a sv:siteCookie to check consent status. SiteCookieUtil offers methods to retrieve all cookies in a category as a list and a method to retrieve a single cookie using the cookie identifier.

Cookie consent app

Sitevision offers a free cookie consent app through Sitevision Marketplace. The cookie consent app stores consent settings in a cookie named "sv-cookie-consent". This is Sitevision's official consent cookie and is used to verify consent of Sitevision's cookies internally.

When consent is stored through Sitevision's app an event is triggered on the document to make it possible to act on user consent.

document.addEventListener('sv-cookie-consent', (e) => {
  // e.detail.cookieIdentifiers --> identifiers of accepted cookies
  // e.detail.categories --> categories with consent
});

Building your own consent app

It is possible to build your own cookie consent app using utilities from SiteCookieUtil. The name and value of the consent cookie must be generated via SiteCookieUtil. Refer to the following snippet for consent cookie creation.

import siteCookies from '@sitevision/api/server/SiteCookieUtil';

export const createConsentCookie = (res, userConsentCookies) => {
  res.cookie({
    name: siteCookies.getUserConsentCookieName(),
    value: siteCookies.createUserConsentCookieValue(userConsentCookies), // list of sv:siteCookie nodes
    httpOnly: true,
    secure: true,
    maxAge: 365 * 24 * 3600,
    sameSite: 'Lax',
  });
};

Checking consent

When a cookie has been registered on the site, it needs to have user consent before it is used (unless it is categorized as necessary). User consent can be obtained from Sitevision's cookie consent app or a custom solution. Refer to the following snippet to check consent before a cookie is set.

import siteCookies from '@sitevision/api/server/SiteCookieUtil';

export const setCookie = (res, cookieIdentifier) => {
  const cookieNode =
    siteCookies.resolveSiteCookieByIdentifier(cookieIdentifier);

  if (!siteCookies.checkUserConsent(cookieNode)) {
    return;
  }

  res.cookie({
    name: cookieIdentifier,
    value: '',
    httpOnly: true,
    secure: true,
    maxAge: 3600,
    sameSite: 'Lax',
  });
};

Do you want to subscribe to News from Sitevision Developer team? Subscribe here!