Enabling / Disabling All Cookies Upon User Consent For Gdpr

June 08, 2024 Post a Comment

This issue is related to GDPR compliance but I'll keep it more focused on the technical issue at hand: I have found some great open source resources for cookie consent banners, lik

Solution 1:

I have created a Proxy script on the document.cookie variable. Run this script as the first script in your document.

Note

This solution assumes:

Cookies are set through javascript (and server side uses sessions).
It also only works on browsers which support the use of javascript proxies.
It only works for local domains (it only prevents external domain cookies from being set)

The Proxy script

Setting a cookie

What it does it that it intercepts the document.cookie variable because window.disableCookies is set to true in the script below. It stores the cookies in the window.cookieList array until the enableCookies script is executed. If enableCookies is executed, it will disable the proxy and iterate over the window.cookieList variable, to set the cookies in the browser.

Reading the cookies

If a script sets a cookie it expects the cookie in the document.cookie variable. So until the enableCookies function is called (and window.disableCookies is set to false), it fakes a document.cookie response, it builds it based upon the window.cookieList variable.

var cookie_setter_orig = document.__lookupSetter__("cookie").bind(document);
var cookie_getter_orig = document.__lookupGetter__("cookie").bind(document);
window.cookieList = [];
window.disableCookies = true;

Object.defineProperty(document, "cookie", {
  get: function () {
    if(!window.disableCookies) {
      returncookie_getter_orig();
    } else {
      var response = "";
      window.cookieList.forEach(function(cookie){
        var splitted = cookie.split(";")[0].split("=");
        response += splitted[0] + "=" + splitted[1] + "; ";
      });
      return response.slice(0, response.length - 2);
    }
  },
  set: function (val) {
    if(!window.disableCookies) {
      cookie_setter_orig(val);
    } else {
      window.cookieList.push(val);
    }
  }
});

functionenableCookies()
{
  window.disableCookies = false;
  window.cookieList.forEach(function(cookie){
    document.cookie = cookie;
  });
  window.cookieList =[];
}

Testing it out

To test it out you can execute the following script:

/* These cookies are not set; they are set on the window.cookieList, until enableCookies is activated */document.cookie = 'cookie1=test; expires=Sun, 1 Jan 2023 00:00:00 UTC; path=/';
document.cookie = 'cookie2=test; expires=Sun, 1 Jan 2023 00:00:00 UTC; path=/';
document.cookie = 'cookie3=test; expires=Sun, 1 Jan 2023 00:00:00 UTC; path=/';

/* This is a fake cookie list from the window.cookieList variable
 * Output: cookie1=test; cookie2=test; cookie3=test 
 */console.log(document.cookie);

setTimeout(function(){
  enableCookies(); /* Enable cookies and pass them to the browser *//* The cookie below is passed to the browser directly, since cookies are enabled */document.cookie = 'cookie4=test; expires=Sun, 1 Jan 2023 00:00:00 UTC; path=/';

  /* This is the real cookie list
   * Output: cookie1=test; cookie2=test; cookie3=test; cookie4=test
   */console.log(document.cookie);
}, 2500);

JavaScript Lib