Cookies app

Use the Cookies app to manage cookies that require consent from your website visitors.

The cookies you use on your website have different origins: some come from third-party services such as Google Analytics, others from Magnolia features. One example of a Magnolia cookie is the VISITOR cookie used by the visitor trait to serve personalized content.

App definition

The Cookies app is defined in a YAML file. This YAML file resides in the Magnolia Maven module called magnolia-privacy-ui, which is part of the Privacy module.

If you want to change the app definition, you can decorate it, create a copy in the resources workspace with the Resource Files app or create a copy in a file-based light module using the Magnolia resources origins loading order.

Usage

Read GDPR and cookies to understand how to use the Cookies app to set cookies according to website visitor consent.

Adding a cookie definition

Open the Cookies app from the app launcher.

Search for apps or for content across all your apps using the Find Bar. Open an app directly from the Find Bar using the command open <app-name> app, for example, type open pages app.

To add a new cookie, click Add cookie. New nodes can only be added to the root node (no nested cookies). The properties id (cookie’s unique ID) and cookieName (cookie’s name as seen in the browser) are mandatory.

List of cookies with the action bar

Editing a cookie definition

To edit a cookie definition, select a cookie in the browser and click Edit cookie. The fields in the Cookie properties dialog correspond to the properties described below.

Editing cookie definition field

Cookie properties

You can also edit cookie definitions directly in the Configuration app under /modules/cookie-manager/config.

Property Description

Property	Description
`id`	required Cookie’s unique ID. The node name is used as the `id`. The identifier is required to get info.magnolia.consent.cookie.definition.CookieDefinition from info.magnolia.consent.cookie.CookieManager (see Data privacy API: Managing cookies).
`cookieName`	required The name of the cookie as seen in the browser.
`value`	optional The value of the cookie.
`domain`	optional The domain within which this cookie should be presented.
`path`	optional The path for the cookie to which the client should return the cookie. Leave empty if the cookie should be valid just for the subtree of the active page. Use `/` if the cookie should be valid for whole domain.
`maxAge`	optional, default is `-1` The maximum age of this cookie (in seconds). The default value -1 creates a cookie that expires when you shut down the browser.
`requiredConsentRegexp`	optional, default is `.+` A regular expression used to determine whether a cookie will be set or not.
`secure`	optional, default is `false` Indicates to the browser whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL.
`isHttpOnly`	optional, default is `true` HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.
`enabled`	optional, default is `true` Set to `false` to disable the cookie definition.
`comment`	optional This property cannot be edited using the Cookies app. Instead you must create localized i18n message keys for this property. The format of the i18n key is `cookies.$cookiesId.comment`.

id

required

Cookie’s unique ID. The node name is used as the id. The identifier is required to get info.magnolia.consent.cookie.definition.CookieDefinition from info.magnolia.consent.cookie.CookieManager (see Data privacy API: Managing cookies).

cookieName

required

The name of the cookie as seen in the browser.

value

optional

The value of the cookie.

domain

optional

The domain within which this cookie should be presented.

path

optional

The path for the cookie to which the client should return the cookie.

Leave empty if the cookie should be valid just for the subtree of the active page. Use / if the cookie should be valid for whole domain.

maxAge

optional, default is -1

The maximum age of this cookie (in seconds).

The default value -1 creates a cookie that expires when you shut down the browser.

requiredConsentRegexp

optional, default is .+

A regular expression used to determine whether a cookie will be set or not.

secure

optional, default is false

Indicates to the browser whether the cookie should only be sent using a secure protocol, such as HTTPS or SSL.

isHttpOnly

optional, default is true

HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

enabled

optional, default is true

Set to false to disable the cookie definition.

comment

optional

This property cannot be edited using the Cookies app. Instead you must create localized i18n message keys for this property. The format of the i18n key is cookies.$cookiesId.comment.

All properties except requiredConsentRegexp and enabled derive from the Servlet Cookie API.

The implementation of the server-side set cookie calling cookieManager#addCookie may override the properties set in the Cookies app.

Magnolia-specific property `requiredConsentRegexp`

In addition to id and cookieName, the requiredConsentRegexp property is also crucial when configuring cookies.

The value of the requiredConsentRegexp property is interpreted as a regular expression. The default value is .+.

Server-side cookies are set if the regular expression matches the value stored in the cookieConsent_status cookie.

See GDPR and cookies: Understanding when cookies are set.

Bootstrapped cookie definitions

The Cookies app already contains some nodes. The exact content depends on the modules in your bundle. The following table lists the pre-configured cookie definitions you may find in Magnolia:

ID cookieName Usage

ID	`cookieName`	Usage
`cookiesConsent`	`cookieconsent_status`	Stores the cookie consent decision of the website visitor. Installed by `magnolia‐privacy‐ui` - See Privacy module
`NEW_VISITOR`	`NEW_VISITOR`	Used by the visitor trait. Installed by Personalization module
`RETURNING_VISITOR`	`VISITOR`	Used by the visitor trait. Installed by Personalization module
`REGISTERED_VISITOR`	`VISITOR`	Used by the visitor trait. Installed by Personalization module
`weatherLocality_Basel`	`weatherLocality`	Not used. Can be used for a cookie trait. Installed by Personalization module
`weatherLocality_London`	`weatherLocality`	Not used. Can be used for a cookie trait. Installed by Personalization module
`google_analytics`	` _ga,_gid`	Google Analytics Installed by Travel demo modules
`tourType_any`	`tourType`	Tour type buttons on the Travel Demo home page. Installed by Travel demo modules

cookiesConsent

cookieconsent_status

Stores the cookie consent decision of the website visitor.

Installed by: magnolia‐privacy‐ui - See Privacy module

NEW_VISITOR

Used by the visitor trait.

Installed by: Personalization module

RETURNING_VISITOR

VISITOR

Used by the visitor trait.

Installed by: Personalization module

REGISTERED_VISITOR

VISITOR

Used by the visitor trait.

Installed by: Personalization module

weatherLocality_Basel

weatherLocality

Not used. Can be used for a cookie trait.

Installed by: Personalization module

weatherLocality_London

weatherLocality

Not used. Can be used for a cookie trait.

Installed by: Personalization module

google_analytics

` _ga,_gid`

Google Analytics

Installed by: Travel demo modules

tourType_any

tourType

Tour type buttons on the Travel Demo home page.

Installed by: Travel demo modules

We don’t recommend removing these nodes except those from the Travel Demo module.

Cookies app

App definition

Usage

Adding a cookie definition

Editing a cookie definition

Cookie properties

Magnolia-specific property requiredConsentRegexp

Bootstrapped cookie definitions

Location

Main doc sections

Magnolia-specific property `requiredConsentRegexp`