Contrib.social

Cookie domain can't be set for GA 4 in "create only fields"

Open on Drupal.org β†’
Created on 23 May 2023, over 1 year ago

Problem/Motivation

The config parameter name for cookie domain has changed. Previously, it was cookieDomain (see old UA documentation). Now, it is cookie_domain (see current GA4 documentation).

Other parameter names have changed as well.

It is not possible to add a working cookie domain to GA4 using the "create only fields" field because the acceptable parameters are hardcoded in googleanalytics.admin.inc:

function _googleanalytics_validate_create_field_name($name) {
  // List of supported field names:
  // https://developers.google.com/analytics/devguides/collection/analyticsjs/field-reference#create
  $create_only_fields = array(
    'allowAnchor',
    'alwaysSendReferrer',
    'clientId',
    'cookieName',
    'cookieDomain',
    'cookieExpires',
    'legacyCookieDomain',
    'legacyHistoryImport',
    'sampleRate',
    'siteSpeedSampleRate',
    'storage',
    'useAmpClientId',
  );

If you put in one of the allowed names with a value, it is output in the config function. Here's an obfuscated example from a live site that has both a UA and a GA4 ID configured:

gtag("config", "UA-12345678-1", {"groups":"default","cookieDomain":"whatever.example.com","anonymize_ip":true});
gtag("config", "G-123ABC456", {"groups":"default","cookieDomain":"whatever.example.com","anonymize_ip":true});;

However, "create only fields" are no longer a thing on GA4. They are just config parameters set with the config function, not the old create function. The field label and help text are confusing in this context. The current setup is only allowing UA create function parameters, but is adding them using the config function, which most likely means they are not working for either UA (where the create function is what's needed) or GA4 (where the parameters have different names).

Also in GA4 there doesn't look like there's a list of allowed config parameters that could be hardcoded into the module. So allowing arbitrary name/value pairs might be the way to go.

Steps to reproduce

On a site that's served from a subdomain (for example whatever.example.com):

  1. Download and enable the latest version of the module.
  2. In the module settings, add a GA4 tracking ID.
  3. In the Advanced section, Create Only Fields field, add the following name/value pair: cookie_domain|whatever.example.com
  4. Save the form. Note you can't save it because "Create only field name cookie_domain is a disallowed field name."
  5. Update the field to use the name/value pair cookieDomain|whatever.example.com.
  6. Save the form. Note it saves successfully.
  7. Visit the site anonymously in a separate browser that is not set up to block GA cookies.
  8. Inspect the cookie storage.
  9. Note that the domain-specific cookie is being set on *.example.com.
  10. Visit a site served from the root domain example.com or a different subdomain such as another.example.com.
  11. Inspect the cookie storage.
  12. Note that the cookie from the original subdomain is available to this domain.

Proposed resolution

Given that UA is being sunset in a month, and GA4 does not seem to have a limited list of available config parameters, would the best thing to do be to patch for GA4 (removing the hardcoded list and deciding whether to put in any validation) and roll a release after July 1? If the current setup isn't even working for UA, maybe there's no backwards compatibility we need to preserve?

Remaining tasks

Patch and test.

User interface changes

Update field label and help text to accurately convey what this field is (config parameters).

API changes

N/A

Data model changes

N/A

πŸ› Bug report
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States cboyden

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024