Blogs

If you have enabled the GDPR Compliance for Cookies feature then any custom code that creates cookies should check to see if the user has opted out of the cookie type, before creating the cookie.

For example clicking 'Confirm' with the settings below means the user is opting out of Performance Cookies and Personalization Cookies:

In this case it means we shouldn't be creating cookies that are for Performance or Personalization for this user.

JavaScript

If standard JavaScript code is used to create a cookie then the cookie will be created, regardless of the users Cookie Configuration, which isn't ideal.

However Liferay makes it easy to comply with the users wishes with Liferay.Util.Cookie.set().

See the following sample snippets for each of the 4 types:

const expires = new Date();
expires.setDate(expires.getDate() + 365);

if (Liferay?.Util?.Cookie) {
    Liferay.Util.Cookie.set(
        "mw-necessary",
        "hello this is a test necessary cookie",
        Liferay.Util.Cookie.TYPES.NECESSARY,
        {
            expires,
            secure: true,
        }
    );
}

if (Liferay?.Util?.Cookie) {
    Liferay.Util.Cookie.set(
        "mw-functional",
        "hello this is a test functional cookie",
        Liferay.Util.Cookie.TYPES.FUNCTIONAL,
        {
            expires,
            secure: true,
        }
    );
}

if (Liferay?.Util?.Cookie) {
    Liferay.Util.Cookie.set(
        "mw-performance",
        "hello this is a test performance cookie",
        Liferay.Util.Cookie.TYPES.PERFORMANCE,
        {
            expires,
            secure: true,
        }
    );
}

if (Liferay?.Util?.Cookie) {
    Liferay.Util.Cookie.set(
        "mw-personalization",
        "hello this is a test personalization cookie",
        Liferay.Util.Cookie.TYPES.PERSONALIZATION,
        {
            expires,
            secure: true,
        }
    );
}

Where:
-  "mw-functional" is the cookie name.
-  "hello this is a test functional" is the cookie value.
- expires is the duration. Set expires value be -1 for a non-persistent / session cookie.

In this example, if the user has opted out of 'Performance' and 'Personalization' cookies then the JavaScript snippet above won't create those cookies, but will create the 'Necessary' and 'Functional' cookies.

Liferay.Util.Cookie.set() returns true if the cookie was set, or false it the cookie wasn't set.

A cookie value can be retrieved with Liferay.Util.Cookie.get(name) for example:

Liferay.Util.Cookie.get("mw-functional");

Java

Within Java code you can use com.liferay.portal.kernel.cookies.CookiesManagerUtil which has methods:

addCookie(int consentType, Cookie cookie, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)

and

addCookie(int consentType, Cookie cookie, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean secure)

where consentType is one of these values from com.liferay.portal.kernel.cookies.constant.CookiesConstants:

CookiesConstants.CONSENT_TYPE_FUNCTIONAL

CookiesConstants.CONSENT_TYPE_NECESSARY

CookiesConstants.CONSENT_TYPE_PERFORMANCE

CookiesConstants.CONSENT_TYPE_PERSONALIZATION

and cookie is javax.servlet.http.Cookie

Conclusion

If the cookie is absolutely necessary for your system to function then use 'Necessary', but don't abuse this by using it for cookies that are better suited to 'Performance' or 'Personalization'.

If the feature isn't enabled then all of the cookie types can be created using Liferay.Util.Cookie.set().

See GDPR compliance for more information on the topic of cookies.