configured the analytics cookie domain name

binon · binon · commit 131bffaa8f37 · 2023-05-22T23:48:48.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -360,4 +360,5 @@ MigrationBackup/
 .ionide/
 
 # Fody - auto-generated XML schema
-FodyWeavers.xsd
+FodyWeavers.xsd
+/appsettings.Development.json
diff --git a/Controllers/CookieConsentController.cs b/Controllers/CookieConsentController.cs
@@ -17,15 +17,17 @@ public class CookieConsentController : Controller
         private readonly ICookiePolicyService? cookiePolicyService;
         private string CookieBannerConsentCookieName = "";
         private int CookieBannerConsentCookieExpiryDays = 0;
-        private string[] CookieBannerDeleteConsentCookieNames;
+        private string[] CookieBannerAnalyticsCookieNamesPrefix;
+        private string AnalyticsCookiesDomainName = "";
 
         public CookieConsentController(IConfiguration configuration, ICookiePolicyService? cookiePolicyService = null)
         {
             this.configuration = configuration;
             this.cookiePolicyService = cookiePolicyService;
             CookieBannerConsentCookieName = configuration.GetCookieBannerConsentCookieName();
             CookieBannerConsentCookieExpiryDays = configuration.GetCookieBannerConsentExpiryDays();
-            CookieBannerDeleteConsentCookieNames = configuration.GetCookieBannerDeleteCookieNames();
+            CookieBannerAnalyticsCookieNamesPrefix = configuration.GetCookieBannerDeleteCookieNames();
+            AnalyticsCookiesDomainName = configuration.GetAnalyticsCookiesDomainName();
 
             string cookieBannerCSName = configuration.GetCookiePolicyConnectionStringName();
             if (!string.IsNullOrEmpty(cookieBannerCSName))
@@ -50,6 +52,7 @@ public IActionResult CookiePolicy()
 
                     if (Request != null)
                     {
+                        string domainName = HttpContext.Request.Host.Host;
                         if (Request.Cookies.HasCookieBannerCookie(CookieBannerConsentCookieName, "true"))
                             model.UserConsent = "true";
                         else if (Request.Cookies.HasCookieBannerCookie(CookieBannerConsentCookieName, "false"))
@@ -105,8 +108,6 @@ public IActionResult ConfirmCookieConsent(string consent, bool setTempDataConsen
             if (Response != null)
             {
                 string domainName = HttpContext.Request.Host.Host;
-                if (domainName.StartsWith("www"))
-                    domainName = domainName.Substring(3);
 
                 if (consent == "true")
                     Response.Cookies?.SetCookieBannerCookie(CookieBannerConsentCookieName, consent, domainName,
@@ -116,24 +117,21 @@ public IActionResult ConfirmCookieConsent(string consent, bool setTempDataConsen
                 {
                     Response.Cookies?.SetCookieBannerCookie(CookieBannerConsentCookieName, consent, domainName,
                         DateTime.UtcNow.AddDays(CookieBannerConsentCookieExpiryDays));
-                    RemoveCookies();
+                    RemoveCookiesDefinedInConfig();
                 }
-            
+
                 TempData["ObtainUserConsentToTrackPriorToPageLoad"] = consent;
 
                 if (setTempDataConsentViaBannerPost) TempData["consentViaBannerPost"] = consent; // Need this tempdata to display the confirmation banner
             }
             return Json("OK");
         }
 
-        private void RemoveCookies()
+        private void RemoveCookiesDefinedInConfig()
         {
-            // Get the domain name from the request URL without protocol or "www" prefix
-            string domainName = HttpContext.Request.Host.Host;
-            if (domainName.StartsWith("www"))
-                domainName = domainName.Substring(3);
+            string domainName = GetDomainName();
 
-            foreach (var removeCookieName in CookieBannerDeleteConsentCookieNames)
+            foreach (var removeCookieName in CookieBannerAnalyticsCookieNamesPrefix)
             {
                 // List and delete all cookies from config
                 var cookies = Request.Cookies.Where(c => c.Key.StartsWith(removeCookieName)).ToList();
@@ -142,6 +140,21 @@ private void RemoveCookies()
                     Response.Cookies.Delete(cookie.Key, new CookieOptions { Domain = domainName });
                 }
             }
-        }       
+        }
+
+        private string GetDomainName()
+        {
+            // Get the domain name from the request URL without protocol or "www" prefix
+            string domainName = HttpContext.Request.Host.Host;
+            if (!string.IsNullOrEmpty(AnalyticsCookiesDomainName))
+                domainName = AnalyticsCookiesDomainName;
+            else
+            {
+                int dotIndex = domainName.IndexOf(".");
+                domainName = dotIndex >= 0 ? domainName.Substring(dotIndex) : domainName;
+            }
+
+            return domainName;
+        }
     }
 }
diff --git a/Extensions/ConfigurationExtensions.cs b/Extensions/ConfigurationExtensions.cs
@@ -4,7 +4,8 @@ public static class ConfigurationExtensions
     {
         private const string CookieBannerConsentCookieName = "CookieBannerConsent:CookieName";
         private const string CookieBannerConsentExpiryDays = "CookieBannerConsent:ExpiryDays";
-        private const string CookieBannerDeleteCookieNames = "CookieBannerConsent:DeleteCookieNamesPrefix";
+        private const string CookieBannerDeleteCookieNames = "CookieBannerConsent:AnalyticsCookieNamesPrefix";
+        private const string CookieBannerAnalyticsCookiesDomainName = "CookieBannerConsent:AnalyticsCookiesDomainName";
 
         private const string CookiePolicyConnectionStringName = "CookiePolicy:ConnectionStringName";
         private const string CookiePolicySQL = "CookiePolicy:CookiePolicySQL";
@@ -27,6 +28,10 @@ public static string[] GetCookieBannerDeleteCookieNames(this IConfiguration conf
             var deleteCookieNames = config.GetSection(CookieBannerDeleteCookieNames);
             return deleteCookieNames.GetChildren().Select(x => x.Value).ToArray();
         }
+        public static string GetAnalyticsCookiesDomainName(this IConfiguration config)
+        {
+            return config[CookieBannerAnalyticsCookiesDomainName];
+        }
         public static int GetCookieBannerConsentExpiryDays(this IConfiguration config)
         {
             int.TryParse(config[CookieBannerConsentExpiryDays], out int expiryDays);
diff --git a/Helpers/CookieBannerHelper.cs b/Helpers/CookieBannerHelper.cs
@@ -18,9 +18,6 @@ DateTime expiry
                 new CookieOptions
                 {
                     Domain= domainName,
-                    HttpOnly = true,
-                    Secure = true, // Set to true if using HTTPS
-                    SameSite = SameSiteMode.Strict,
                     Expires = expiry
                 }
             );
diff --git a/appsettings.Development.json b/appsettings.Development.json
diff --git a/appsettings.json b/appsettings.json
@@ -7,17 +7,16 @@
   },
   "AllowedHosts": "*",
   "ConnectionStrings": {
-    "DefaultConnection": "Data Source=localhost;Initial Catalog=mbdbx101_uar;Integrated Security=True;",
-    "DWConnection": "Data Source=localhost;Initial Catalog=mbdw;Integrated Security=True;"
+    "DefaultConnection": "Data Source=localhost;Initial Catalog=mbdbx101_uar;Integrated Security=True;"
   },
 
   "CookieBannerConsent": {
     "CookieBannerContent": "<p>We've put some small files called cookies on your device to make our site work.</p> <p>We'd also like to use analytics cookies. These send anonymous information about how our site is used to a service called Google Analytics & Hotjar Analytics. We use this information to improve our site.</p>",
-    //"CookieBannerContent": "<p>We've put some small files called cookies on your device to make our site work.</p> <p>We'd also like to use analytics cookies. These send anonymous information about how our site is used to a service called Google Analytics & Hotjar Analytics. We use this information to improve our site.</p> <p>Let us know if this is OK. We'll use a cookie to save your choice. You can <a id= nhsuk-cookie-banner__link\" target=\"_blank\" href=\"@Url.Action(@policyActionName,@policyControllerName)\" tabindex=\"1\">read more about our cookies</a> before you choose.</p>",
     "ApplicationName": "Digital Learning Solutions",
     "CookieName": "Dls-cookie-consent",
     "ExpiryDays": "365",
-    "DeleteCookieNamesPrefix": [ "_ga", "_hj" ]
+    "AnalyticsCookieNamesPrefix": [ "_ga", "_hj" ],
+    "AnalyticsCookiesDomainName": ""
   },
 
   // Get cookie policy content from SQL based source
@@ -33,8 +32,8 @@
 //  "CookiePolicy": {
 //    "ControllerName": "",
 //    "ActionName": "",
-//    "ApiUrl": "https://lh-userapi.dev.local/api/",
-//    "CookiePolicyRequestURI": "TermsAndConditions/LatestVersion/10",
+//    "ApiUrl": "",
+//    "CookiePolicyRequestURI": "",
 //    "ClientIdentityKey": ""
 //  }
 }

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,8 @@ public static class ConfigurationExtensions`
`4`	`4`	`{`
`5`	`5`	`private const string CookieBannerConsentCookieName = "CookieBannerConsent:CookieName";`
`6`	`6`	`private const string CookieBannerConsentExpiryDays = "CookieBannerConsent:ExpiryDays";`
`7`		`- private const string CookieBannerDeleteCookieNames = "CookieBannerConsent:DeleteCookieNamesPrefix";`
	`7`	`+ private const string CookieBannerDeleteCookieNames = "CookieBannerConsent:AnalyticsCookieNamesPrefix";`
	`8`	`+ private const string CookieBannerAnalyticsCookiesDomainName = "CookieBannerConsent:AnalyticsCookiesDomainName";`
`8`	`9`
`9`	`10`	`private const string CookiePolicyConnectionStringName = "CookiePolicy:ConnectionStringName";`
`10`	`11`	`private const string CookiePolicySQL = "CookiePolicy:CookiePolicySQL";`
`@@ -27,6 +28,10 @@ public static string[] GetCookieBannerDeleteCookieNames(this IConfiguration conf`
`27`	`28`	`var deleteCookieNames = config.GetSection(CookieBannerDeleteCookieNames);`
`28`	`29`	`return deleteCookieNames.GetChildren().Select(x => x.Value).ToArray();`
`29`	`30`	`}`
	`31`	`+ public static string GetAnalyticsCookiesDomainName(this IConfiguration config)`
	`32`	`+ {`
	`33`	`+ return config[CookieBannerAnalyticsCookiesDomainName];`
	`34`	`+ }`
`30`	`35`	`public static int GetCookieBannerConsentExpiryDays(this IConfiguration config)`
`31`	`36`	`{`
`32`	`37`	`int.TryParse(config[CookieBannerConsentExpiryDays], out int expiryDays);`
Original file line number	Diff line number	Diff line change
`@@ -18,9 +18,6 @@ DateTime expiry`
`18`	`18`	`new CookieOptions`
`19`	`19`	`{`
`20`	`20`	`Domain= domainName,`
`21`		`- HttpOnly = true,`
`22`		`- Secure = true, // Set to true if using HTTPS`
`23`		`- SameSite = SameSiteMode.Strict,`
`24`	`21`	`Expires = expiry`
`25`	`22`	`}`
`26`	`23`	`);`