SameSite=none;Secure for Cookie Consent

Bronze Contributor
Bronze Contributor

Dear Tealium,

our website uses an OCI catalog data interface to get our shop and products into the systems of our big customers using iframes.
So they can see and buy/import our products directly from their SAP SRM system.


We also have Tealium and the consent management active.
The iframe solution unfortunately makes the cookie banner appearing with every pageload, because the consent cookie ist not available through the iframe of our shop. This is very annoying and bad UX for our customers.

I've managed to get the utag_main cookie running with the configuration "window.utag_cfg_ovrd.secure_cookie = true;" and following the instructions on this page by editing the uTag Loader template.
With this change I get the utag_main cookie into the iframe, see screenshot.cookies-oci-screenshot.PNG

 

 

 

But the CONSENTMGR cookie is not getting this configuration and therefore not using SameSite=None;Secure.

Is there any API, configuration, JS thing or template I can use to get this also for the consent cookie?


Thanks
Stefan

Creative communication with the web
2 REPLIES 2

SameSite=none;Secure for Cookie Consent

Bronze Contributor
Bronze Contributor

Hi Stefan,

 

It seems that isn't supported currently. However you can edit the template Consent Management: General - UID:cmGeneral from Manage Templates interface.

Around line 312 there's a logic to create the cookie;

Capture.PNG

You can replace lines 312-318 with this Javascript code

    var cookie_string = [
        utag.gdpr.cookieNS +"="+ encodeURI(mo2Val.join("|")),
        "path=" + utag.gdpr.path,
        "expires=" + expiry.toGMTString()];
    if (utag.gdpr.domain){
        cookie_string.push("domain=" + utag.gdpr.domain);
    }
    if (window.utag_cfg_ovrd && window.utag_cfg_ovrd.consent_cookie_samesite) {
        cookie_string.push("SameSite="+window.utag_cfg_ovrd.consent_cookie_samesite);
        if (window.utag_cfg_ovrd.consent_cookie_samesite === "None") {
            window.utag_cfg_ovrd.consent_secure_cookie = true;
        }
    }
    if (window.utag_cfg_ovrd && window.utag_cfg_ovrd.consent_secure_cookie) {
        cookie_string.push("Secure");
    }

 

So it will look like this: 

Capture.PNG

With that change you can set additional two values on utag_cfg_ovrd object like this:

window.utag_cfg_ovrd.consent_cookie_samesite = "None"; // Allowed values are: Lax, Strict or None
window.utag_cfg_ovrd.consent_secure_cookie = true;

If you set consent_cookie_samesite to None then Secure directive will be automatically added.

 

Best Regards,

Adam

 

Feel free to ask me anything related to Tealium, Javascript and Digital Analytics tools.

SameSite=none;Secure for Cookie Consent

Bronze Contributor
Bronze Contributor
Thanks Adam. Worked like a charm.

Stefan
Creative communication with the web
Public