whitecube/laravel-cookie-consent

cookie encryption must be disabled

Opened this issue · 3 comments

this will not work with cookie encryption enabled, you need to add them to your cookieEncrypt middleware exceptions

Hi @gaud2029,

Thanks for bringing this up. Did you have the opportunity to dig a bit deeper and figure out why the package does not work with cookie encryption enabled? If so, do you mind sharing your findings? If not, I'll try to have a look but I'm not sure I'll be able to do so shortly. Thanks!

If this helps any - I've just bumped into this issue. Not sure why, because I have two projects using this package and one of them works fine without this.

In the project that's having an issue, inside the CookiesManager, if I spit out the result of json_decode($raw, true) on the encrypted cookie:

    /**
     * Retrieve the eventual existing cookie data.
     */
    protected function getCurrentConsentSettings(Request $request): ?array
    {
        $preferences = ($raw = $request->cookie(config('cookieconsent.cookie.name')))
            ? json_decode($raw, true)
            : null;
+.       dd(json_decode($raw, true));

        if (! $preferences || ! is_int($preferences['consent_at'] ?? null)) {
            return null;
        }

then I see that that's evaluating to null:
Screenshot 2024-03-28 at 20 40 28

And this is what's causing the settings to behave as if they don't exist at all.

this will not work with cookie encryption enabled, you need to add them to your cookieEncrypt middleware exceptions

In AppServiceProvider.php:

$consentCookieName = config('cookieconsent.cookie.name');
EncryptCookies::except([$consentCookieName]);