You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have reviewed the FAQ page for information about cookie management, but found no specific details addressing my concerns.
I would like to report an issue regarding the amzn-checkout-session cookie implementation.
Current Behavior:
The amzn-checkout-session cookie is currently being created on all pages of the store, regardless of whether the customer is using Amazon Pay or not.
When attempting to prevent cookie creation by overriding the storage.js file (amzn/amazon-pay-magento-2-module/view/frontend/web/js/model/storage.js), JavaScript console errors are triggered on various pages, including the product pages.
Technical Impact:
The cookie creation on all pages may not comply with privacy regulations and cookie consent requirements in certain jurisdictions
Attempting to modify the cookie behavior leads to JavaScript errors, making it difficult to implement proper cookie consent management
Legal Concerns:
The automatic cookie creation without user consent may not align with GDPR and similar privacy regulations
This behavior could potentially expose merchants to legal risks in jurisdictions with strict cookie consent requirements
Suggested Improvements:
Implement conditional cookie creation that only triggers when Amazon Pay features are actively being used
Add proper error handling in the JavaScript code to prevent console errors when the cookie is not present
This is an interesting topic worth discussing. One thing to note before going further is the module uses the amzn-checkout-session and amzn-checkout-session-config items in local storage only, and does not include the data stored in them in requests to the server; these are only needed client side to render the button (amzn-checkout-session-config) and make requests to the Amazon Pay API (amzn-checkout-session, which is essentially a UUID). I don't believe the checkout session ID could be construed as personally identifiable.
A genuine question regarding cookie consent in Magento stores, which I can't seem to find a definitive answer for: when a user initially responds to a cookie consent prompt when landing on the site, shouldn't this cover any cookies created by third-party modules? Personally I don't recall visiting a site where I've selected my cookie preferences, traveled through some other portions of the site, and then received a subsequent prompt regarding additional cookies that may be created in that particular area. But maybe this is a genuine concern in some regions.
Hello
I have reviewed the FAQ page for information about cookie management, but found no specific details addressing my concerns.
I would like to report an issue regarding the
amzn-checkout-session
cookie implementation.Current Behavior:
amzn-checkout-session
cookie is currently being created on all pages of the store, regardless of whether the customer is using Amazon Pay or not.amzn/amazon-pay-magento-2-module/view/frontend/web/js/model/storage.js
), JavaScript console errors are triggered on various pages, including the product pages.Technical Impact:
Legal Concerns:
Suggested Improvements:
Would it be possible to modify the cookie creation logic to be more privacy-focused while maintaining the plugin's functionality?
The text was updated successfully, but these errors were encountered: