Pantheon Community

Third-party cookies?

Odd question that has us stymied: We have a site where a third-party is placing a cookie that contains a value that we need to access. I understand that Pantheon only reads cookies that start with STYXKEY, but in this instance we won’t be able to get the third-party to change the name.

How have others dealt with this issue with cookies? We’re thinking some javascript magic will need to be invoked, but that seems wrong on many levels. All ideas are welcome!

What would you use the value of this cookie for?

Most likely, you’d need to access it via JS and then pass it to backend PHP in a way that bypasses Pantheon’s caching. But this architecture depends on what you need the value for.

The client uses a third-party service to manage their membership records. We send them offsite to enter their username and password, which then sends back a token that then sets a cookie. It’s not SSO, but a kind of authentication, if that makes sense.

EDIT: Let’s try saying that another way: We need to use the value in that cookie to determine the visitor’s “membership status” and show or hide content accordingly.

Hey Anne,

There are two options here, JavaScript as previously mentioned, which has the downside of not working until the 2nd request the user makes, or you have to force refresh them to unlock the correct content. The second option is to use a proxy or similar in front of the site.

This is actually something that I work on with my team here at Pantheon through our Advanced CDN. We can use Advanced CDN in front of your site to maintain all of the advantages of the Global CDN layer, but with more advanced features. In fact depending on how the cookies are verified, it’s possible that the authentication layer could be moved entirely to the edge. If not, we could re-write the keys into a pattern that works with Global CDN, or we could add a custom header that your application checks for instead of the cookie. You account rep can get you more details if that’s a route that would make sense for your client.

Alternatives to ACDN would be to use Apache or Nginx to proxy traffic and modify the cookies.

Outside of those two options I can’t think of any other ways around this.

Hope that helps!

1 Like

Using Doug’s idea for a proxy in front to modify the cookies is a great idea. I’ve used Cloudflare Workers in front of Pantheon’s CDN to modify requests so that our backend code can respond to non-cacheable request data.

In your case, Anne, the Worker could read the custom cookie and copy its value to a Pantheon caching-friendly cookie (whose name is prefixed with STYXKEY). (You could also copy the value to a custom header, but that may lead to caching user-customized pages, which is not good.) If you’re interested, I can post snippet of the Cloudflare Worker code as an example.

1 Like

Yeah, that would be great to have as a resource!

We’ve just about got it solved with javascript. (And by we, I mean, my colleague who’s got more patience than I do!)

1 Like