Hi Arnaud,
How about extending the class TSQLRestServerURIContext for a basic implementation of cookie consent for privacy (GDPR)? I would suggest a method like SetCookie(cookie: RawUTF8; level: TCookiePurpose): boolean. Internally, it'll write to OutSetCookie if user consent has been given.
If enabled, the context can read a cookie (e.g. cookieconsent=....) that can be analysed with each call to the method. An event handler would allow more specific handling, if desired; otherwise it'll implement the basic 4 levels defined by the GDPR (Strictly necessary cookies [always allowed], Preferences cookies, Statistics cookies, Marketing cookies).
If you like that idea, I'll add that and create a pull request. Otherwise I'll keep it in my child class.
This way, no existing code breaks, but future development could automate cookie consent handling fairly well.
Last edited by sakura (2020-03-09 14:03:16)
What is wrong with doing the purpose check just before SetCookie() and not calling the method?
Basically nothing, but you have repetitive code all over the place, rather than one location to check it. It's helped me a lot already.
You have to compute the cookie content somewhere in your code, anyway. I guess this is a better place to check for cookie preferences, by writing a reusable method in the business code.
Putting the check in SetCookie() could be too late in some cases (e.g. you may update the marketing DB while computing the cookie content).
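The timing issue raised in the last reply, as an added Free Pascal example that is not from the thread or from mORMot: a consent gate inside SetCookie() suppresses the cookie but not the side effects of computing it. TDemoContext is a hypothetical stand-in for a TSQLRestServerURIContext child class, TCookiePurpose and SetCookie follow the names proposed above, and Allowed, BuildMarketingCookie and MarketingDBWrites are assumptions; consent is taken as already parsed from the consent cookie.

```pascal
program ConsentGateDemo;
{$mode objfpc}{$H+}
// Added illustration, not mORMot code. All identifiers besides the proposed
// TCookiePurpose/SetCookie/OutSetCookie names are hypothetical.
type
  TCookiePurpose = (cpNecessary, cpPreferences, cpStatistics, cpMarketing);
  TCookiePurposes = set of TCookiePurpose;
  TDemoContext = class // stand-in for a TSQLRestServerURIContext child class
    Consent: TCookiePurposes; // assumed already parsed from the consent cookie
    OutSetCookie: string;
    function Allowed(level: TCookiePurpose): boolean;
    function SetCookie(const cookie: string; level: TCookiePurpose): boolean;
  end;

var
  MarketingDBWrites: integer = 0; // counts side effects of building a cookie

function TDemoContext.Allowed(level: TCookiePurpose): boolean;
begin
  // strictly necessary cookies are always allowed
  result := (level = cpNecessary) or (level in Consent);
end;

function TDemoContext.SetCookie(const cookie: string; level: TCookiePurpose): boolean;
begin
  result := Allowed(level);
  if result then
    OutSetCookie := cookie; // written only when consent covers this purpose
end;

function BuildMarketingCookie: string;
begin
  inc(MarketingDBWrites); // e.g. a tracking row is stored at this point
  result := 'campaign=demo'; // constructed sample value
end;

var
  ctx: TDemoContext;
begin
  ctx := TDemoContext.Create;
  ctx.Consent := [cpPreferences]; // the user gave no marketing consent
  // Gate only inside SetCookie: the cookie is dropped, the DB write is not
  ctx.SetCookie(BuildMarketingCookie, cpMarketing);
  writeln('late check: writes=', MarketingDBWrites, ' cookie="', ctx.OutSetCookie, '"');
  // Gate before computing the content: neither cookie nor side effect
  MarketingDBWrites := 0;
  if ctx.Allowed(cpMarketing) then
    ctx.SetCookie(BuildMarketingCookie, cpMarketing);
  writeln('early check: writes=', MarketingDBWrites);
  ctx.Free;
end.
```

Exposing the purpose check as its own method keeps the single point of control the first poster wanted, while letting business code call it before any consent-dependent work begins.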