User Consent Cookie
lightning/userConsentCookie
Manages cookie consent preferences on a component.
For Use In
Experience Builder Sites
The lightning/userConsentCookie module provides utility functions that enable you to incorporate the Cookie Consent mechanism in your components. This module abstracts all the cookie functions, such as fetching, reading, writing, and updating cookies. This component requires API version 53.0 or later.
To implement user-authorized cookie consent:
- Enable cookie consent in Security & Privacy Settings. You can then provide users the option to allow Marketing, Preference, and Statistics cookies as well. If you don’t enable cookie consent, only Required cookies are allowed.
- Import the
userConsentCookiemodule in your cookie consent component JavaScript. - Add the ability for a user to consent to one or more specific cookie types (Required, Marketing, Preference, and Statistics) using HTML and JavaScript in your consent component.
Two Salesforce cookies (CookieConsentPolicy and CookieConsent) are used to put this scheme into place across your org. Client-side APIs enable you to check and set the cookie consent preferences that are persisted in the two Salesforce cookies.
As mentioned above, Salesforce ePrivacy consent is managed through the interaction of two cookies, CookieConsentPolicy and CookieConsent.
-
The CookieConsentPolicy cookie records whether consent is enabled. Consent is enabled by an admin in the Security & Privacy settings. See Enable Cookie Consent in Security & Privacy.
-
The CookieConsent cookie records the user’s consent choices, and is used only when consent is enabled and reflected in the CookieConsentPolicy cookie. The CookieConsent cookie is set by way of ePrivacyCookie client-side functions through user choices. See Manage Consent Options with ePrivacyCookieConsent Functions.
An org administrator enables Cookie Consent from Settings in the Security & Privacy tab. Under Site Cookie Usage, turn on the Allow only required cookies for this site toggle to restrict the consent to Required cookies only.
Turn on the toggle to enable consent for Required, Marketing, Preference, or Statistics cookies. Your code can then provide users with the ability to fine-tune consent for the cookie types they do and do not want to permit.
The ePrivacyCookieConsent component provides two JavaScript functions that enable you to manage user consent options:
isCategoryAllowedForCurrentConsent()retrieves the user’s decision about a cookie category. See Check Consent With isCategoryAllowedForCurrentConsent() below.setCookieConsent()records the user’s consent. See Set Preferences WithsetCookieConsent().
To call the component's methods, you must import the lightning/userConsentCookie component inside your custom component. For example:
The isCategoryAllowedForCurrentConsent function enables you to check consent for a single cookie category. Specify the category you want to check consent for. Valid values are Required, Preference, Marketing, and Statistics.
| Parameter | Type | Description |
|---|---|---|
| Name | String | Cookie category to check consent for. |
To see this function called in context, see the Example section.
This client-side method relies on the ConsentPreference JavaScript object, which contains the list of one or more cookie categories you want to grant or deny consent for.
| Parameter | Type | Description |
|---|---|---|
| ConsentPreference | object | Cookie categories to set preferences for. |
The ConsentPreference object structure is as follows:
For example, if you wanted to grant consent for the Marketing category, but deny consent for the Preferences category, you would do something similar to the following:
In this example, the “Statistics” category is not listed, so cookies of that type are denied consent by default.
To see this function called in context, see the Example section below.
This example shows a component that sets or clears the consent for four categories of cookie: Essential, Preferences, Marketing, and Statistics. Feel free to modify the UI, but don't change the defined categories, as these are standard categories used throughout the Salesforce application.
In the consent component’s JavaScript, the cookie consent methods are imported and used in the change handlers for input toggle components.
The component HTML template presents toggle inputs for the user to choose the types of cookies to accept and a button to set the consent value.
The structure of CookieConsentPolicy value is:
SiteOptionValue
with possible values of either "0:1" or "1:1".
The second bit (CookieConsentPermValue) in the cookie value is always enabled.
If the value is "0:1", only essential cookies will be enabled. If the value is "1:1". cookies will be enabled and disabled based on the consent preferences of the customer.
The following table defines the fields of the CookieConsent cookie:
| Field | Type | Encoding | Purpose |
|---|---|---|---|
| Cookie Version | String | n/a | Format Sensitivity |
| Metadata Version | String | n/a | Metadata Sensitivity |
| Timestamp | String | ISO_INSTANT: YYYY-mm-DDTHH:MM | Consent Time Sensitivity |
| Consent | String | Hexadecimal or plaintext | Array or bit-vector of consent-per-classification |
| ReconsentRequired | boolean | integer | Notify the consent UI that re-consent is required, without dropping existing consent preferences. |
An example of this cookie would be:
230.6.1:20.4.0:2021-08-03T06:21:44Z:1100:0
In this example, the Consent field of 1100 indicates that Required and Preference cookies are permitted, but Marketing and Statistics cookies are not.
This client-side method relies on the ConsentPreference JavaScript object which contains the list of one or more cookie categories you want to grant or deny consent for.
| Parameter | Type | Description |
|---|---|---|
| ConsentPreference | object | Cookie categories to set preferences for. |
The ConsentPreference object structure is as follows:
For example, if you plan to grant consent for the Marketing category, but deny consent for the Preferences category, you would prepare this object:
A complete example is as follows:
To check consent with this simple call, specify the category you want to check consent for.
| Parameter | Type | Description |
|---|---|---|
| Name | String | Cookie category to check consent for. |
This check returns the consent value for the specified category. See Enable Cookie Consent in Security & Privacy.