public CookieConsentFilter(
IUserAgent userAgent,
ICommonServices services,
Lazy <IWidgetProvider> widgetProvider,
PrivacySettings privacySettings)
{
_userAgent = userAgent;
_services = services;
_widgetProvider = widgetProvider;
_privacySettings = privacySettings;
_consentStatus = CookieConsentStatus.Unset;
}
public static void SetCookie(HttpResponseBase response, CookieConsentStatus status)
{
if (status == CookieConsentStatus.Unset)
{
return;
}
var expiry = status == CookieConsentStatus.Asked ? TimeSpan.FromMinutes(10) : TimeSpan.FromDays(365);
var consentCookie = new HttpCookie(CookieConsent.ConsentCookieName)
{
Value = ((int)status).ToString(),
Expires = DateTime.UtcNow + expiry
};
response.Cookies.Set(consentCookie);
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
_isProcessableRequest = IsProcessableRequest(filterContext);
if (!_isProcessableRequest)
{
return;
}
var request = filterContext.HttpContext.Request;
var response = filterContext.HttpContext.Response;
// Check if the user has a consent cookie
var consentCookie = request.Cookies[CookieConsent.ConsentCookieName];
if (consentCookie == null)
{
// No consent cookie. We first check the Do Not Track header value, this can have the value "0" or "1"
var doNotTrack = request.Headers.Get("DNT");
// If we receive a DNT header, we accept its value (0 = give consent, 1 = deny) and do not ask the user anymore...
if (doNotTrack.HasValue())
{
_consentStatus = doNotTrack == "0"
? CookieConsentStatus.Consented
: CookieConsentStatus.Denied;
}
else
{
if (_userAgent.IsBot)
{
// Don't ask consent from search engines, also don't set cookies
_consentStatus = CookieConsentStatus.Consented;
}
else
{
// First request on the site and no DNT header (we use session cookie, which is allowed by EU cookie law).
_consentStatus = CookieConsentStatus.Asked;
CookieConsent.SetCookie(response, _consentStatus);
}
}
}
else
{
// We received a consent cookie
var cookieSet = false;
if (int.TryParse(consentCookie.Value, out var i))
{
_consentStatus = (CookieConsentStatus)i;
}
else
{
// Legacy
var str = consentCookie.Value;
if (str == "asked")
{
_consentStatus = CookieConsentStatus.Asked;
}
else if (str == "true")
{
_consentStatus = CookieConsentStatus.Consented;
}
else
{
_consentStatus = CookieConsentStatus.Denied;
}
// Fix legacy value
CookieConsent.SetCookie(response, _consentStatus);
cookieSet = true;
}
if (_consentStatus == CookieConsentStatus.Asked && !cookieSet)
{
// Consent has been asked for
CookieConsent.SetCookie(response, _consentStatus);
}
}
filterContext.Controller.ViewBag.CookieConsentStatus = _consentStatus;
}
