Is it possible to use ASP.NET to globally block all cookies (including third-party) that are deleted when someone is on my site?

The context of this lies in the very inflated EU privacy law, which makes it illegal for the site to delete any “non-essential” cookies if the user has not “refused” it.

My particular problem is related to the complexity of the site and the many different ways to delete cookies, especially where CMS is managed, which allowed marketers to run riot and implement all kinds of content in different places - mainly around third-party cookies in which JavaScript, img pixels, iframes, etc. (I assume that all this allows you to drop third-party cookies by briefly looking at key areas of the site using the FF plugin - I have not tested the mechanisms of each of them yet).

So, I was trying to think about whether there will be a way in ASP.NET to globally intercept and block all cookies that will be deleted on my site, if necessary, and also expand this to check if they are important or not, and if not whether the user has already agreed to delete cookies (which is likely to consist of a cookie with a basic YES).

There are a few things that I don’t understand. First, is it possible to use Response.Filter or Response.Cookies as a pipeline step to cut out cookies that have already been deleted? Secondly - is it possible to intercept any cookie at all, or will it be impossible to catch some of the third parties if they directly execute browser requests from the client to the third-party server?

The closest thing I could find, similar to my question, is this, but this seems like a solution for the site, not the user.

+6
1 answer

A reverse proxy with URL rewriting might do it for you. If you spend time tracking resources and deploying a heavy hammer, enable / disable cookies and rewrite third-party URLs to go through your reverse proxy. You can capture and modify your responses to cookies. In addition, if they set cookies on the client using JavaScript, they will be through your server / domain so that you can control them if they are redirected or not.

This is not a simple solution, but it should be possible and can be implemented without changing the application or user.

+1
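As an added example (not code from the question or the answer), here is a sketch of the pipeline step the question asks about: an `IHttpModule` that removes non-essential cookies from `Response.Cookies` unless a consent cookie is present. The module name, the `cookie_consent` cookie name and the allow-list are assumptions for illustration; it only sees cookies your own ASP.NET code adds to the response, which is why the answer routes third-party content through a reverse proxy on your domain.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

// Hypothetical module: its name, the consent cookie and the allow-list are assumptions.
public sealed class CookieConsentModule : IHttpModule
{
    private const string ConsentCookie = "cookie_consent"; // assumed cookie name
    private const string ConsentValue = "YES";             // "a basic YES", as in the question

    // Cookies treated as essential: ASP.NET's default session and forms-auth names,
    // plus the consent cookie itself so the user's choice can be stored.
    private static readonly HashSet<string> Essential =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "ASP.NET_SessionId", ".ASPXAUTH", ConsentCookie
        };

    public void Init(HttpApplication app)
    {
        // Runs after the page/handler has executed. Assumes output is buffered
        // (the default), so response headers have not been sent yet.
        app.EndRequest += StripNonEssentialCookies;
    }

    private static void StripNonEssentialCookies(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Consent already given: leave the response untouched.
        HttpCookie consent = ctx.Request.Cookies[ConsentCookie];
        if (consent != null &&
            string.Equals(consent.Value, ConsentValue, StringComparison.Ordinal))
            return;

        // AllKeys returns a copy, so removing while looping is safe. Avoid
        // Response.Cookies[name] here: that indexer creates a cookie when missing.
        string[] blocked = ctx.Response.Cookies.AllKeys
            .Where(name => name != null && !Essential.Contains(name))
            .ToArray();
        foreach (string name in blocked)
            ctx.Response.Cookies.Remove(name);
    }

    public void Dispose() { }
}
```

The module is registered in `web.config` under `system.webServer/modules`. Cookies written as a raw `Set-Cookie` header, set by client-side script, or returned by a third-party host that the browser contacts directly never appear in `Response.Cookies`, so this module cannot remove them.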

Source: https://habr.com/ru/post/914965/
