On Tue, Dec 12, 2017 at 11:33 AM, 'dennis.nijssen' via Hippo Community
<
hippo-c...@googlegroups.com> wrote:
> I agree and disagree :) I mainly disagree because developers (like me) can
> find the override feature. And when its documented, it will also get in the
> release notes when a change has been made. Which will help me ofcourse!
I agree and disagree :-)
The biggest problem is that we ourselves typically don't really
realize what changes can probably result in an end project failure. If
we for example do some restructuring of spring bean wiring, then end
projects that did override spring beans might break. Spring bean
shuffling can now be done as part as some refactoring or bug fix. We
don't explicitly document this. Also as opposed to javadoc, there is
no way we can easily communicate deprecation of some api....and we
don't formally support the spring wiring as api although of course we
*try* to avoid unnecessary end project pain. Also making spring wiring
api is very difficult....only take the method invoking factory bean as
example : It is very difficult to support this as api if devs can
pretty much use reflection to hook in pretty much everything.
I hope you see my point above. Now, given that, *if* we formally
document how you can override all kind of targeting internals, we
pretty much might end up in everything being cast in concrete because
we can't touch anything any more...or think really hard about impact
and write complex upgrade documentation.
> And I do believe implementing a custom cookie consent is not the weirdest
> thing to do, especially with GDPR coming next year.
which class do you override for custom cookie consent? I thought
typically custom cookie consent is done by client side javascript code
and the only thing you modify in targeting is the name of the consent
cookie. If there needs to be more flexibility, we can create a factory
or something and then document how to plugin a custom cookie consent
class (and that then becomes 'api').
>
>
> One more thing I noticed was when a user decides not to be tracked, there is
> still a "_visitor" cookie placed on the response. Is that intended?
That is odd. I agree there should not be created a visitor cookie
because that is misleading and might seem to imply that the user is
still tracked. I think from glancing at the code that the _visitor
cookie is used to store the consent cookie value (and thus that the
visitor doesn't want to be tracked). That doesn't make sense to me.
I'll create an issue for it that we stop doing this. I'll do some
extra checks to validate this but I don't think we need it and I
consider the current logic undesirable. Thanks for noticing!