Contrib.social

cookie_domain setting support

Open on Drupal.org β†’
Created on 4 April 2024, 5 months ago
Updated 17 July 2024, about 2 months ago

Problem/Motivation

Is it possible to set cookie_domain when using this module? We have encountered an issue previously with Google Analytics, because Google by default sets the cookie_domain at the highest level possible:

By default, Google tags use automatic cookie domain configuration. Cookies are set on the highest level of domain possible. For example, if your website address is blog.example.com, cookies are set on the example.com domain. If it is detected that you're running a server locally (for example, localhost), cookie_domain is automatically set to 'none', and cookies will use the full domain from the document location.

We are a university running hundreds of sites, with many unique department sites that are subdomains, like foo.example.com, bar.example.com, etc. They implement Google Analytics/Google Tag on their own departmental accounts. Over time, users can accumulate many unique GA cookies as they visit sites, as by default they are set at the highest domain (.example.com). These cookies are then sent on every request to any other application hosted on example.com. This has caused issues and support tickets/calls, where end users visiting applications like SSO at baz.example.com are met with "400 Bad Request: Request Header Or Cookie Too Large" errors because of all the accumulated GA cookies in their browser, set at the .example.com scope are exceeding the server limit.

In the Google Analytics module, this is configurable using the google_analytics_domain_mode setting and we are now setting this to 1, or "One domain with multiple subdomains". With that module now obsolete, I am looking at how we can migrate to Google Tag, but I don't see configurations for cookie_domain. Is there any way to set this at the subdomain the same way as was possible with Google Analytics? Thanks.

✨ Feature request
Status

Needs review

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States vinmassaro

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @vinmassaro
  • Comment 5 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States vinmassaro
  • Comment 3 months ago β†’
    πŸ‡¨πŸ‡¦Canada alberto56

    Hi, thanks for the great issue description. I came across your post while researching a similar issue for a client. Although I am a GTM newbie, I will share what I find in this issue in case it may be fo help to others.

    To reproduce this issue on my site, I can do something like:

    * Go to a site that I am not tracking using Google Analytics via GTM, for example site-managed-by-another-department.example.com, in an incognito window in the Chromium web browser.
    * Go to the site I am tracking using Google Analytics via GTM, for example, this-is-mine.example.com
    * Accept cookies using the dialog (if required)
    * Open the developer console, and go to the "Application" pane, then "Cookies"
    * Confirm I am seeing a cookie "_ga:xxx" for domain ".example.com"
    * Go back to site-managed-by-another-department.example.com and reload it
    * Open the developer console, and go to the "Application" pane, then "Cookies"
    * Confirm I am seeing the same cookie "_ga:xxx" for domain ".example.com" that was set for this-is-mine.example.com

    The link you share, "Configure and customize cookies", contains a section entitled "Change cookie domain" which has instructions on how to change your cookie domain from the default (which tracks activity across subdomains), to only applying to the current domain.

    What is interesting to me in those instructions is that, in the gtag.js tab, it shows instructions on how to modify the Javascript source directly on your website by adding somethine like:

    gtag('config', 'TAG_ID', {
  'cookie_domain': 'blog.example.com'
});

    Indeed this seems to be exactly what the obsolete Google Analytics module does, based on the google_analytics_domain_mode setting.

    However, the very philosophy behind GTM, as I understand it, is to be an abstraction layer between your website and third-party providers such as Google Analytics, Floodlight, and other services, making the configuration of those services possible on the GTM dashboard, and not in your source code.

    As this Reddit post comment states:

    If you weren't using GTM, you'd need to manually edit your website's HTML to add the new Javascript. However, with GTM, you just update your GTM settings and your website automatically gets the new Javascript.

    So basically GTM exists so that a GTM manager in your organization can do all this stuff directly on the GTM dashboard, and never touch your site's source code (again, with the caveat that I am by no means an expert, this is just my understanding).

    Therefore, by design, it seems to be impossible to modify this behaviour in the source code of the website, therefore I can't see any technical way of providing this functionality within this module.

    The "Tag Manager" tab in the section entitled "Change cookie domain" seems to provide instructions on how to set the cookie domain directly on the GTM dashboard. If I manage to do this, I will write back here.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States vinmassaro
  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA

    #3 is focusing on google tag manager. While this module supports google tag manager (GTM), not all sites using this module are using GTM. You can use Google Analytics directly and use this module and it will load the google tag script (gtag). This script supports setting the cookie domain, and we need the ability to influence that configuration like the old Google Analytics module did.

    I'm in the same boat as vinmassaro. gtag's default cookie domain setting will result in a huge number of cookies accumulating if you run an organization with hundreds or thousands of sub-domains.

  • Merge request !86Add support for specifying the cookie domain for gtag; Have additional configs... β†’ (Open) created by bkosborne
  • Status changed to Needs review about 2 months ago
  • Comment about 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States bkosborne New Jersey, USA

    Created an MR that adds an advanced setting to configure the value for cookie_domain for gtag. This doesn't affect sites using Tag Manager tags. I went with the simplest approach for now, but I could see this being expanded to support all the other cookie config options as well.

    This also makes another seemingly unrelated change. Previously, when gtag was initialized for each tag ID, only the primary tag ID (the first one) would get the set of additional configuration options passed in. This only included the custom dimensions and metrics. I'm not sure why this was done, but it seems to me that all tags should get the set of dimensions and metrics passed in. What makes the first tag so special? This allowed me to pass in the cookie domain config to all tags.

  • Pipeline finished with Failed
    about 2 months ago
    Total: 329s
    #226875
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024