rudderlabs · MoumitaM · May 22, 2024 · Mar 18, 2024 · Mar 18, 2024 · Mar 19, 2024
@@ -147,6 +147,8 @@ export type LoadOptions = {
   consentManagement?: ConsentManagementOptions;
   sameDomainCookiesOnly?: boolean;
   externalAnonymousIdCookieName?: string;
+  useServerSideCookies?: boolean;
+  cookieServerUrl?: string;
 };
 
 export type ConsentOptions = {

@@ -26,6 +26,6 @@ module.exports = [
   {
     name: 'Core - CDN',
     path: 'dist/cdn/modern/iife/rsa.min.js',
-    limit: '23 KiB',
+    limit: '23.5 KiB',
   },
 ];
@@ -77,6 +77,14 @@ const handlers = [
       },
     });
   }),
+  http.post(`${dummyDataplaneHost}/setCookie`, () => {
+    return new HttpResponse(null, {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/json; charset=utf-8',
+      },
+    });
+  }),
 ];
 
 export { handlers };
@@ -20,6 +20,8 @@ import {
   entriesWithOnlyNoStorage,
   entriesWithStorageOnlyForAnonymousId,
 } from '../../../__fixtures__/fixtures';
+import { server } from '../../../__fixtures__/msw.server';
+import { defaultHttpClient } from '../../../src/services/HttpClient';
 
 jest.mock('@rudderstack/analytics-js-common/utilities/uuId', () => ({
   generateUUID: jest.fn().mockReturnValue('test_uuid'),
@@ -84,6 +86,7 @@ describe('User session manager', () => {
       defaultLogger,
       defaultPluginsManager,
       defaultStoreManager,
+      defaultHttpClient,
     );
   });
 
@@ -1371,16 +1374,99 @@ describe('User session manager', () => {
   });
 
   describe('getExternalAnonymousIdByCookieName', () => {
-    it('Should return null if the cookie value does not exists', () => {
+    it('should return null if the cookie value does not exists', () => {
       const externalAnonymousId =
         userSessionManager.getExternalAnonymousIdByCookieName('anonId_cookie');
       expect(externalAnonymousId).toEqual(null);
     });
-    it('Should return the cookie value if exists', () => {
+    it('should return the cookie value if exists', () => {
       document.cookie = 'anonId_cookie=sampleAnonymousId12345';
       const externalAnonymousId =
         userSessionManager.getExternalAnonymousIdByCookieName('anonId_cookie');
       expect(externalAnonymousId).toEqual('sampleAnonymousId12345');
     });
   });
+
+  describe('syncValueToStorage', () => {
+    it('should call setServerSideCookie method in case useServerSideCookie load option is set to true', () => {
+      state.loadOptions.value.useServerSideCookies = true;
+      state.storage.entries.value = entriesWithOnlyCookieStorage;
+      const spy = jest.spyOn(userSessionManager, 'setServerSideCookie');
+      userSessionManager.syncValueToStorage('anonymousId', 'dummy_anonymousId');
+      expect(spy).toHaveBeenCalledWith('rl_anonymous_id', 'dummy_anonymousId', expect.any(Object));
+    });
+  });
+
+  describe('setServerSideCookie', () => {
+    beforeAll(() => {
+      server.listen();
+    });
+
+    afterAll(() => {
+      server.close();
+    });
+    const mockCookieStore = {
+      encrypt: jest.fn(val => `encrypted_${JSON.parse(val)}`),
+      set: jest.fn(),
+    };
+    it('should make external request to exposed endpoint', () => {
+      state.lifecycle.activeDataplaneUrl.value = 'https://dummy.dataplane.host.com';
+      state.storage.cookie.value = {
+        maxage: 10 * 60 * 1000, // 10 min
+        path: '/',
+        domain: 'example.com',
+        samesite: 'Lax',
+      };
+      const spy = jest.spyOn(defaultHttpClient, 'getAsyncData');
+      userSessionManager.setServerSideCookie('key', 'sample_cookie_value_1234', mockCookieStore);
+      expect(spy).toHaveBeenCalledWith({
+        url: `https://dummy.dataplane.host.com/setCookie`,
+        options: {
+          method: 'POST',
+          data: JSON.stringify({
+            key: 'key',
+            value: 'encrypted_sample_cookie_value_1234',
+            options: {
+              maxage: 10 * 60 * 1000,
+              path: '/',
+              domain: 'example.com',
+              samesite: 'Lax',
+            },
+          }),
+          sendRawData: true,
+        },
+        callback: expect.any(Function),
+      });
+    });
+    it('should use provided server url to make external request for setting cookie', () => {
+      state.lifecycle.activeDataplaneUrl.value = 'https://dummy.dataplane.host.com';
+      state.loadOptions.value.cookieServerUrl = 'https://example.com';
+      state.storage.cookie.value = {
+        maxage: 10 * 60 * 1000, // 10 min
+        path: '/',
+        domain: 'example.com',
+        samesite: 'Lax',
+      };
+      const spy = jest.spyOn(defaultHttpClient, 'getAsyncData');
+      userSessionManager.setServerSideCookie('key', 'sample_cookie_value_1234', mockCookieStore);
+      expect(spy).toHaveBeenCalledWith({
+        url: `https://example.com/setCookie`,
+        options: {
+          method: 'POST',
+          data: JSON.stringify({
+            key: 'key',
+            value: 'encrypted_sample_cookie_value_1234',
+            options: {
+              maxage: 10 * 60 * 1000,
+              path: '/',
+              domain: 'example.com',
+              samesite: 'Lax',
+            },
+          }),
+          sendRawData: true,
+        },
+        callback: expect.any(Function),
+      });
+    });
+  });
 });
@@ -80,6 +80,7 @@
         destSDKBaseURL:
           '__DEST_SDK_BASE_URL__' + window.rudderAnalyticsBuildType + '/js-integrations',
         pluginsSDKBaseURL: '__PLUGINS_BASE_URL__' + window.rudderAnalyticsBuildType + '/plugins',
+        // useServerSideCookie:true,        
         // queueOptions: {
         //   batch: {
         //     maxSize: 5 * 1024, // 5KB

@@ -9,7 +9,11 @@
 import type { Destination } from '@rudderstack/analytics-js-common/types/Destination';
 import type { ILogger } from '@rudderstack/analytics-js-common/types/Logger';
 import { CONFIG_MANAGER } from '@rudderstack/analytics-js-common/constants/loggerContexts';
-import { isValidSourceConfig, validateLoadArgs } from './util/validate';
+import {
+  isValidSourceConfig,
+  validateLoadArgs,
+  validateAndReturnCookieServerUrl,
+} from './util/validate';
 import {
   DATA_PLANE_URL_ERROR,
   SOURCE_CONFIG_FETCH_ERROR,
@@ -91,6 +95,13 @@
         lockIntegrationsVersion,
         this.logger,
       );
+      if (state.loadOptions.value.cookieServerUrl) {
+        state.loadOptions.value.cookieServerUrl = validateAndReturnCookieServerUrl(
+          state.loadOptions.value.useServerSideCookies,
+          state.loadOptions.value.cookieServerUrl,
+          this.logger,
+        );
+      }
     });
 
     this.getConfig();

@@ -4,9 +4,11 @@
   SUPPORTED_STORAGE_TYPES,
   type StorageType,
 } from '@rudderstack/analytics-js-common/types/Storage';
+import type { ILogger } from '@rudderstack/analytics-js-common/types/Logger';
 import {
   WRITE_KEY_VALIDATION_ERROR,
   DATA_PLANE_URL_VALIDATION_ERROR,
+  COOKIE_SERVER_URL_INVALID_ERROR,
 } from '../../../constants/logMessages';
 import { isValidUrl } from '../../utilities/url';
 
@@ -37,10 +39,25 @@
 const isValidStorageType = (storageType?: StorageType): boolean =>
   typeof storageType === 'string' && SUPPORTED_STORAGE_TYPES.includes(storageType);
 
+const validateAndReturnCookieServerUrl = (
+  useServerSideCookies?: boolean,
+  cookieServerUrl?: string,
+  logger?: ILogger,
+) => {
+  if (useServerSideCookies && cookieServerUrl) {
+    if (isValidUrl(cookieServerUrl)) {
+      return cookieServerUrl;
+    }
+    logger?.error(COOKIE_SERVER_URL_INVALID_ERROR('cookieServerUrl'));
+  }
+  return 'invalid';
+};
+
 export {
   validateLoadArgs,
   isValidSourceConfig,
   isValidStorageType,
   validateWriteKey,
   validateDataPlaneUrl,
+  validateAndReturnCookieServerUrl,
 };
@@ -242,6 +242,7 @@ class Analytics implements IAnalytics {
       this.logger,
       this.pluginsManager,
       this.storeManager,
+      this.httpClient,
     );
     this.eventRepository = new EventRepository(
       this.pluginsManager,

@@ -27,6 +27,8 @@
 } from '@rudderstack/analytics-js-common/constants/storages';
 import type { UserSessionKey } from '@rudderstack/analytics-js-common/types/UserSessionStorage';
 import type { StorageEntries } from '@rudderstack/analytics-js-common/types/ApplicationState';
+import type { IHttpClient } from '@rudderstack/analytics-js-common/types/HttpClient';
+import { stringifyWithoutCircular } from '@rudderstack/analytics-js-common/utilities/json';
 import {
   CLIENT_DATA_STORE_COOKIE,
   CLIENT_DATA_STORE_LS,
@@ -39,6 +41,8 @@
 import { state } from '../../state';
 import { getStorageEngine } from '../../services/StoreManager/storages';
 import {
+  COOKIE_SERVER_REQUEST_FAIL_ERROR,
+  FAILED_SETTING_COOKIE_FROM_SERVER_FAIL_ERROR,
   TIMEOUT_NOT_NUMBER_WARNING,
   TIMEOUT_NOT_RECOMMENDED_WARNING,
   TIMEOUT_ZERO_WARNING,
@@ -50,7 +54,7 @@
   hasSessionExpired,
   isStorageTypeValidForStoringData,
 } from './utils';
-import { getReferringDomain } from '../utilities/url';
+import { getReferringDomain, removeTrailingSlashes } from '../utilities/url';
 import { getReferrer } from '../utilities/page';
 import { DEFAULT_USER_SESSION_VALUES, USER_SESSION_STORAGE_KEYS } from './constants';
 import type { IUserSessionManager, UserSessionStorageKeysType } from './types';
@@ -59,19 +63,22 @@
 class UserSessionManager implements IUserSessionManager {
   storeManager?: IStoreManager;
   pluginsManager?: IPluginsManager;
-  logger?: ILogger;
   errorHandler?: IErrorHandler;
+  httpClient?: IHttpClient;
+  logger?: ILogger;
 
   constructor(
     errorHandler?: IErrorHandler,
     logger?: ILogger,
     pluginsManager?: IPluginsManager,
     storeManager?: IStoreManager,
+    httpClient?: IHttpClient,
   ) {
     this.storeManager = storeManager;
     this.pluginsManager = pluginsManager;
     this.logger = logger;
     this.errorHandler = errorHandler;
+    this.httpClient = httpClient;
     this.onError = this.onError.bind(this);
   }
 
@@ -262,6 +269,50 @@
     }
   }
 
+  /**
+   * A function to make an external request to set the cookie from server side
+   * @param key       cookie name
+   * @param value     encrypted cookie value
+   */
+  setServerSideCookie(key: string, value: ApiObject | string, store?: IStore): void {
+    const encryptedCookieValue = store?.encrypt(
+      stringifyWithoutCircular(value, false, [], this.logger),
+    );
+    if (encryptedCookieValue) {
+      let baseUrl = state.lifecycle.activeDataplaneUrl.value;
+      const { cookieServerUrl } = state.loadOptions.value;
+      if (cookieServerUrl) {
+        if (cookieServerUrl === 'invalid') {
+          return;
+        }
+        baseUrl = cookieServerUrl;
+      }
+      this.httpClient?.getAsyncData({
+        url: `${removeTrailingSlashes(baseUrl as string)}/setCookie`,
+        options: {
+          method: 'POST',
+          data: stringifyWithoutCircular({
+            key,
+            value: encryptedCookieValue,
+            options: state.storage.cookie.value,
+          }) as string,
+          sendRawData: true,
+        },
+        callback: (res, details) => {
+          if (details?.xhr?.status === 200) {
+            const cookieValue = store?.get(key);
+            if (cookieValue !== value) {
+              this.logger?.error(FAILED_SETTING_COOKIE_FROM_SERVER_FAIL_ERROR(key));
+            }
+          } else {
+            this.logger?.error(COOKIE_SERVER_REQUEST_FAIL_ERROR(details?.xhr?.status));
+            store?.set(key, value);
+          }
+        },
+      });
+    }
+  }
+
   /**
    * A function to sync values in storage
    * @param sessionKey
@@ -272,14 +323,20 @@
     value: Nullable<ApiObject> | Nullable<string> | undefined,
   ) {
     const entries = state.storage.entries.value;
-    const storage = entries[sessionKey]?.type as StorageType;
-    const key = entries[sessionKey]?.key as string;
-    if (isStorageTypeValidForStoringData(storage)) {
+    const storageType = entries[sessionKey]?.type as StorageType;
+    if (isStorageTypeValidForStoringData(storageType)) {
       const curStore = this.storeManager?.getStore(
-        storageClientDataStoreNameMap[storage] as string,
+        storageClientDataStoreNameMap[storageType] as string,
       );
-      if ((value && isString(value)) || isNonEmptyObject(value)) {
-        curStore?.set(key, value);
+      const key = entries[sessionKey]?.key as string;
+      if (value && (isString(value) || isNonEmptyObject(value))) {
+        // if useServerSideCookies load option is set to true
+        // set the cookie from server side
+        if (state.loadOptions.value.useServerSideCookies && storageType === COOKIE_STORAGE) {
+          this.setServerSideCookie(key, value, curStore);
+        } else {
+          curStore?.set(key, value);
+        }
       } else {
         curStore?.remove(key);
       }

@@ -57,6 +57,15 @@
 
   normalizedLoadOpts.sendAdblockPage = normalizedLoadOpts.sendAdblockPage === true;
 
+  normalizedLoadOpts.useServerSideCookies = normalizedLoadOpts.useServerSideCookies === true;
+
+  if (
+    normalizedLoadOpts.cookieServerUrl &&
+    typeof normalizedLoadOpts.cookieServerUrl !== 'string'
+  ) {
+    delete normalizedLoadOpts.cookieServerUrl;
+  }
+
   if (!isObjectLiteralAndNotNull(normalizedLoadOpts.sendAdblockPageOptions)) {
     delete normalizedLoadOpts.sendAdblockPageOptions;
   }