Comments (6)

jonaseberle commented on June 15, 2024

Hi Henri,

fe_typo_user is an HTTP cookie in contrast to "normal" (HTTP +) HTML cookies.
They can only be set via HTTP-headers (Set-Cookie: ... ; HttpOnly) and are not accessible in JavaScript.
cookieman is by design not able to unset or alter HTTP cookies.

Usually browser devtools show the type of cookie:

HTTP cookies are a good thing and should be used whenever possible because they are not prone to be read by some JavaScript library. See Session hijacking and XSS at https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies for an example. They can also be used for fingerprinting.

We have a little information here https://docs.typo3.org/p/dmind/cookieman/master/en-us/Configuration/Reference/Index.html#trackingobjects-tracking-object-key-show-tracking-item-key-type - do you suggest making the different types of cookies more clear there?

from extension-cookieman.
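
Added example, not part of the thread and not cookieman's own code: a small Node.js model of the behaviour described in the comment above, showing why script-side removal by name pattern cannot touch a cookie set with `HttpOnly`. The `CookieJar` class, `removeByPattern` and the sample cookie values are assumptions made for illustration; path and domain matching are left out.

```javascript
// Minimal cookie-jar model (not a full RFC 6265 implementation).
const parse = (s) => {
  const [pair, ...attrs] = s.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
};

class CookieJar {
  constructor() { this.cookies = new Map(); } // name -> { value, httpOnly }
  // Network side: the browser applies a Set-Cookie response header.
  applySetCookieHeader(header) {
    const { name, value, attrs } = parse(header);
    const httpOnly = attrs.some((a) => a.toLowerCase() === 'httponly');
    this.cookies.set(name, { value, httpOnly });
  }
  // Script side: reading document.cookie never includes HttpOnly cookies.
  get documentCookie() {
    return [...this.cookies].filter(([, c]) => !c.httpOnly)
      .map(([name, c]) => `${name}=${c.value}`).join('; ');
  }
  // Script side: a write that targets an existing HttpOnly cookie is ignored.
  set documentCookie(str) {
    const { name, value, attrs } = parse(str);
    if (this.cookies.get(name)?.httpOnly) return;
    if (attrs.some((a) => /^max-age=(0|-\d+)$/i.test(a))) this.cookies.delete(name);
    else this.cookies.set(name, { value, httpOnly: false });
  }
}

// Hypothetical consent-tool cleanup: expire each script-visible cookie
// whose name matches the pattern; returns the names it could remove.
function removeByPattern(jar, pattern) {
  const removed = [];
  for (const entry of jar.documentCookie.split('; ').filter(Boolean)) {
    const { name } = parse(entry);
    if (!pattern.test(name)) continue;
    jar.documentCookie = `${name}=; Max-Age=0; Path=/`;
    removed.push(name);
  }
  return removed;
}

function demo() {
  const jar = new CookieJar();
  jar.applySetCookieHeader('fe_typo_user=abc123; Path=/; HttpOnly'); // constructed
  jar.applySetCookieHeader('_ga=GA1.2.1.2; Path=/'); // constructed
  const removed = removeByPattern(jar, /^(fe_typo_user|_ga)$/);
  jar.documentCookie = 'fe_typo_user=; Max-Age=0; Path=/'; // direct attempt, ignored
  return { removed, remaining: [...jar.cookies.keys()] };
}
```
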

TrueType commented on June 15, 2024

Ok. Thanks for the clarification. We had that subject once before, but I missed seeing it here. Important session cookies (login) will not be subject to JavaScript manipulation. Got it.

TrueType commented on June 15, 2024

Maybe have a comment line at the place to hint at this aspect.

jonaseberle commented on June 15, 2024

@TrueType Can you propose one, please?

TrueType commented on June 15, 2024

Hmm. At first I thought putting a comment in fe_typo_user.typoscript above the type property. But that is not general enough. The code examples bring 4 types, only one of which has the removal of cookies. So it may be better to have an explanation of the type property altogether. I checked the documentation for it. But there is nothing about types there. I guess there should be a chapter about types in the documentation. Possibly with some background and links to the matter. To say, some cookies may not be removed by JS. What is LocalStorage. ... Then there is an example setup.typoscript in the code and an example TS for type pixel. There is no general example for tracking objects or not 4 TS tracking object examples by type in the code. A single example in the code may be enough to have a hint -> see documentation for types. 4 examples would make it very clear that type is important.

I hope you don't think I am talking bullshit. The extension and documentation are already high quality. There is no need for overperfection.

jonaseberle commented on June 15, 2024

Glancing through the documentation I think we have some misleading information in it.

The how-to has an HTTP cookie example with htmlCookieRemovalPattern which does not make any sense.

Here and here we advertise cookie removal but fail to explain that this is only possible for HTML cookies.

In the reference we should note that cookie_http+html is the only one that allows cookie removal. Also the type pixel from the newly added FacebookPixel example should be added there.
