What about scripting?

Client scripting can read and write cookies in many ways.

To enforce correct handling of cookies by scripting, you can pass information to the client concerning the policy. When writing Smartlets, this is easily done by passing behavior settings, such as in the example below:

Smartsite SXML	Copy Code
{buffer.set(cookie, 'my_cookie_name')} {sys.iif(! user.policy.iscookieallowed($cookie), buffer.set(cookie, scf.clientvar("null")))} {scf.behavior.attach(".test", "my_behavior", 'cookie', $cookie)}

For other cases where cookies are written by the client, consider placing these cookies into the 'Strictly Necessary Cookies' group, rewrite the code to (optionally) bypass cookies, or exclude the scripts for users not allowing the given cookies.