Idea: delete cookie on multiple common domains by default

[manuhabitela]

Hi,

Sometimes it's a bit cumbersome to have to define cookie domain by hand for each app. Most scripts set their cookie on currentdomain.com or .currentdomain.com.

One idea would be:

• if a domain is set in the cookies app config, do the same thing as before, ie try to delete the cookie with the given name and domain and that's it
• if no domain is set in the cookies app config, to try to delete multiple cookies for the same cookie name, one for each domain.

The deleteCookie function could look like that:

export function deleteCookie(name, path, domain) {
    let cookieString = `${name}=; Max-Age=-99999999;${path !== undefined
        ? ` path=${path};`
        : ` path=/;`
    }`
    if (domain !== undefined) {
        document.cookie = `${cookieString} domain=${domain};`
        return;
    }
    // if domain is not defined, try to delete cookie on multiple default domains
    document.cookie = cookieString
    document.cookie = `${cookieString} domain=.${location.hostname};`
    // handle subdomains
    document.cookie = `${cookieString} domain=.${location.hostname.split('.').slice(-2).join('.')};`
}

Would you see any disadvantage of doing this? I know it's something tarteaucitron, a tool similar to Klaro, does and it works pretty well (see here).

[adewes]

Interesting idea, we'll consider that for one of the next versions of Klaro!

[josemmo]

Related to this issue, would you consider adding an option to set the "klaro" configuration cookie to the second level domain (.example.com) instead of the current domain (e.g. www.example.com) to prevent showing the same notice for each and every subdomain after it has been allowed/declined?

This could be easily implemented with just a few changes, including the one proposed by @Leimi:

function getTopDomain() {
    return location.hostname.split('.').slice(-2).join('.')
}

//https://stackoverflow.com/questions/14573223/set-cookie-and-get-cookie-with-javascript
export function setCookie(name, value, days) {
    var expires = "";
    if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days*24*60*60*1000));
        expires = "; expires=" + date.toUTCString();
    }
    document.cookie = name + "=" + (value || "") + expires + "; path=/; " +
        "domain=" + getTopDomain();
}

export function deleteCookie(name, path, domain) {
    let str = name+'=; Max-Age=-99999999;'
    str += (path === undefined) ? 'path=/;' : 'path='+path+';'
    
    // try to delete the cookie with provided domain
    if (domain !== undefined) {
        document.cookie = str + ' domain='+domain+';'
        return
    }
    
    // try to delete the cookie without knowing the domain
    document.cookie = str
    document.cookie = str + ' domain=.'+location.hostname+';'
    document.cookie = str + ' domain=.'+getTopDomain()+';'
}