Satisfying EU cookie regulations using The cookiesDirective.js and TrafficScript

Introduction

While I was thinking of writing an article on how to use the traffic manager to satisfy EU cookie regulations, I figured "somebody else has probably done all the hard work".  Sure enough, a quick search turned up an excellent and (more importantly) free utility called cookiesDirective.js.  In addition to cookieDirective.js being patently nifty, its website left me with a nostalgic craving for a short, wide glass of milk.

Background

If you're reading this article, you probably have a good idea of why you might want (need) to disclose to your users that your site uses cookies.  You should visit the site at http://cookiesdirective.com in order to gain a richer understanding of what the cookieDirective script actually does and why you might want to use it.  For the impatient, let's just assume that you're perfectly happy for random code to run in your visitors' browsers.  

Requirements

• A website.
• A TrafficScript-enabled traffic manager, configured to forward traffic to your web servers.

Preparation

According to the directions, one must follow "just a simple 3-step process" in order to use cookieDirective.js:

1. Move cookie-generating JavaScript in your page (such as Google Analytics) in to a separate file, and the name of the file to a function that causes it to get loaded before the closing </head> tag in the HTML body.  Basically, this makes it possible to display the cookie disclosure message before the cookie-generating code gets run by the browser.  That much moving code around is not within the scope of this article.  For now, let's assume that displaying the message to the user is "good enough".
2. Add a snippet of code to the end of your html body that causes the browser to download cookiesDirective.js.  In the example code, it gets downloaded directly from cookiesdirective.com, but you should really download it and host it on your own web server if you're going to be using it in production.
3. Add another snippet of code that runs the JavaScript.  This is the bit that causes the popup to appear.

The Goods

# The path to your home page?
$homepath = '/us/';


# The location on the page where the cookie notification should appear (top or bottom)?
$noticelocation = 'bottom';


# The URL that contains your privacy statement.
$privacyURL = 'http://www.riverbed.com/us/privacy_policy.php';

# ==== DO NOT EDIT BELOW THIS LINE! (unless you really want to) ====

sub insert_before_endbody($response, $payload){

   # Search from the end of the document for the closing body tag.
   $idx = string.findr($response, "</body>");

   # Insert the payload.
   $response = string.substring($response, 0, $idx-1) . $payload . string.substring($response, $idx, -1);

   # Return the response.
   return $response;

}

$path = http.getpath();

if ( $path == $homepath ){

   # Initialize the response body.
   $response = http.getresponsebody();

   # Cookie-generating JavaScript gets loaded in this function.
   $wrapper = '<script type="text/javascript">function cookiesDirectiveScriptWrapper(){}</script>';

   # Imports the cookiesdirective code.
   # FIXME: Download the package and host it locally!

   $code = '<script type=_

   # Executes the cookiesdirective code, providing the appropriate arguments.
   $run = '<script type="text/javascript">cookiesDirective(\'' . $noticelocation . '\',0,\'' . $privacyURL . '\',\'\');</script>';

   # Insert everything into the response body.
   foreach($snippet in [$wrapper, $code, $run]){
      $response = insert_before_endbody($response, $snippet);
   }

   # Update the response data.
   http.setresponsebody($response);
}

This particular example works on the main Riverbed site.  To get the code to work, you'll need to change at least the $homepath and $privacyURL variables.  If you want the notice to appear at the top of the page, you can change the $noticelocation variable.

NOTE: Remember to apply this rule to your virtual server as a response rule!