Blocking CMSCsrfCookie with 3rd party company

Beau Cowan asked on August 5, 2020 19:23

I have a site that our company is maintaining for a new client. They didn't have any source code from the previous company that built their site, and we are trying to maintain what we can until we can get a redesign and refactoring agreement in place. This instance is on Azure and is in Kentico 10.

They have a 3rd party Cookie Law plugin called OneTrust that they are using. We are identifying which cookies fall into each category, and I found the documentation that displays that for Kentico found here: https://docs.kentico.com/k10/configuring-kentico/adding-cookie-law-consent-to-web-pages/reference-kentico-cookies

We have been able to identify and create exceptions for cookies necessary for Kentico to function, but the CMSCsrfCookie appears to be one that needs to be blocked until the user has given consent. Since I have no access to the backend code, I was wondering if there is a way to accomplish this? Or is this a situation where the cookie is deemed essential in order for the site to function?

I've gone through all of the documentation and forums and haven't come across anything similar to what I'm looking to accomplish. Any input would be helpful.

Thank you for your time.

Correct Answer

David te Kloese answered on August 6, 2020 10:27

CMSCsrfCookie is tagged as a System cookie and is used for security purposes. Unless you turn CSRF protection completely off, it's needed.

You can read some more as to what it does in the docs at docs.kentico.com/.../developing-secure-websites/cross-site-request-forgery-csrf-xsrf

2 votes
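Added illustration, not part of the thread and not Kentico's code: a generic double-submit CSRF check, used here as an assumed stand-in for how a token cookie is typically validated, showing that a form post is rejected once a consent tool strips the cookie. The `csrf_token` field name, the key handling and all helper names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # demo secret, constructed for this example
COOKIE_NAME = "CMSCsrfCookie"          # cookie name taken from the question
FIELD_NAME = "csrf_token"              # hypothetical hidden form field


def _sign(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token bound to the session; sent both as a cookie and as a form field."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def validate_post(session_id: str, cookies: dict, form: dict) -> tuple:
    """Return (accepted, reason) for a state-changing request."""
    cookie_token = cookies.get(COOKIE_NAME)
    field_token = form.get(FIELD_NAME)
    if not cookie_token:
        return False, "csrf cookie missing"
    if not field_token:
        return False, "csrf field missing"
    # Constant-time comparison of the two copies of the token.
    if not hmac.compare_digest(cookie_token.encode(), field_token.encode()):
        return False, "cookie/field mismatch"
    nonce, _, mac = cookie_token.partition(".")
    if not hmac.compare_digest(mac.encode(), _sign(session_id, nonce).encode()):
        return False, "token not issued for this session"
    return True, "ok"


def apply_consent_filter(cookies: dict, blocked: set) -> dict:
    """Model a consent manager withholding cookies until the user opts in."""
    return {k: v for k, v in cookies.items() if k not in blocked}


def demo() -> dict:
    token = issue_token("session-1")
    cookies = {COOKIE_NAME: token, "example_pref": "en-US"}  # constructed sample
    form = {FIELD_NAME: token, "comment": "hello"}
    return {
        "cookie_allowed": validate_post("session-1", cookies, form),
        "cookie_blocked": validate_post(
            "session-1", apply_consent_filter(cookies, {COOKIE_NAME}), form),
        "forged_field": validate_post(
            "session-1", cookies, {FIELD_NAME: issue_token("session-2")}),
    }
```
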
