Cookie Manager

In the EU, all websites must explicitly provide users with the opportunity to refuse the use of cookies.

This means that you are required to obtain consent from each visitor before storing or accessing information in a cookie – read more about the EU cookie legislation here.

To present a cookie compliance warning and comply with EU Law, you can use the Dynamicweb Cookie Manager:

  • Go to Settings > Web and Http
  • Click on the Cookie Manager node to open it (Figure 1.1)
Figure 1.1 The Cookie Manager

The Cookie Manager is disabled by default – to enable it click enable cookie manager. Once enabled, the Cookie Manager can render either template-based or custom cookie warnings, using JavaScript of .NET.

Below these settings, you can use the cookie deactivation lists (Figure 1.2) to mark some of your cookies as tracking cookies & secure cookies, by moving them to the Selected Cookies lists.

You can also add custom cookies to the solution, and set the cookie lifetime.

Please note:

  • Secure cookies only work on https enabled sites – this means that features which rely on cookies which are secure will not work when the context is http
  • All cookies saved through the Cookie Manager are HttpOnly by default – but you can disable this using the Disable HttpOnly cookies
Figure 1.2 Managing cookies

Dynamicweb Cookies

Dynamicweb sets these cookies on a public Dynamicweb based website:

  • "DWExtranet" (Persistent cookie)
    Contains information about username, password (encrypted) and remember me functionality if users authenticate themselves with username and password on the website using the Extranet module of Dynamicweb.

    This cookie expires 1 month after the user’s last login. It can be disabled by not using the login features of Dynamicweb or alternatively by not offering the remember username and password features.
     
  • "Dynamicweb"
    Dynamicweb.VisitDate: Contains a date for the last visit to the website used for logging purposes in the statistics module.

    Dynamicweb.VisitorID: Contains a Dynamicweb assigned ID of the visitor used for logging purposes in OMC and the statistics module that are used to recognize returning visitors to the website. This information is used to profile returning visitors throughout several visits. This cookie expires 1 year after the users last visit.

    Dynamicweb.SessionVisitor.*: Contains a Dynamicweb assigned session id of the current visitor to control logins, carts and other visitor context dependent information. This cookie is used instead of regular sessionids that can expire if the user closes the browser and opens again. The sub cookie  VisitorDynamics keeps score information about what type content the current visitor has been seeing. This cookie expires 30 minutes after the users last activity (pageview).

The template selected in the Cookie Manager settings are used on all websites in a solution – and cannot be fully disabled.

However, you can create an empty warning template and use it on the websites which should not display a cookie warning.

To do so:

  • Go to the Website settings
  • Click the Cookies-button in the ribbon bar
  • Select the empty template (or select Custom and don’t implement any custom code)

This de facto disables the Cookie Manager on that website.