Cookie tracking

gistfile1.txt

https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
"4.3.  Tracking
   The proposals in this document do not in themselves mitigate the
   privacy risks described in Section 7.1 of [RFC6265bis].  Entities who
   wish to use cookies to track user activity from cross-site contexts
   can continue to do so by setting cookies that declare themselves as
   "SameSite=None".

https://web.dev/samesite-cookies-explained
"Additionally in Chrome, if you also enable the cookies-without-same-site-must-be-secure flag then you must also specify
SameSite=None cookies as Secure or they will be rejected. Note, this flag won't have any effect unless you also have same
-site-by-default-cookies enabled."
document.cookie = 'cross-site-cookie=bar; SameSite=None; Secure';

We need cookie tracking instead of finger print tracking in both cases:
1) Events tracking - impressions, clicks etc instead of client_uid field.
2) Smart tags - to match ads

I checked the possibility of set/ready cookie under our domain 'staticcdn.enzymic.co' and it seems possible.

# function to set cookie where for example:
# cname = 'enzymic_UID'
# cvalue = random hash
function setCookie(cname, cvalue, exdays) {
  var d = new Date();
  d.setTime(d.getTime() + (exdays*24*60*60*1000));
  var expires = "expires="+ d.toUTCString();
  document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}

# function to get cookie by specific cname
function getCookie(cname) {
  var name = cname + "=";
  var decodedCookie = decodeURIComponent(document.cookie);
  var ca = decodedCookie.split(';');
  for(var i = 0; i <ca.length; i++) {
    var c = ca[i];
    while (c.charAt(0) == ' ') {
      c = c.substring(1);
    }
    if (c.indexOf(name) == 0) {
      return c.substring(name.length, c.length);
    }
  }
  return "";
}

# more about cookies and js https://www.w3schools.com/js/js_cookies.asp

1. Events tracking
For events tracking we can do next way:
When we show ad_unit to user we try to read our cookie.
If cookie empty - then calculate new value and set cookie to user's browser. 
If cookie present - read it's value.
Then use cvalue as UID attribute and send it with event to stats.

2. Smart tags
I think we can do the same as for 'Event tracking'. The cname should be another 'smart_tag_UID'. 
But we need set cookie for another domain. 
Because we send smart_tag_event from customer's domain, for example www.fairprice.com.sg. 
Need to investigate how we can do this. Here some articles https://stackoverflow.com/questions/6761415/how-to-set-a-cookie-for-another-domain

Lets say a.com is fairprice and b.com is staticcdn.enzymic.co
"You can't, but... If you own both pages then...
1) You can send the data via query params (http://siteB.com/?key=value)
2) You can create an iframe of Site B inside site A and you can send post messages from one place to the other. 
As Site B is the owner of site B cookies it will be able to set whatever value you need by processing the correct post message."

If we can do this, then during ad_unit showing to user we can read the cookie and match the right ads for this user 
as we do now at static ads_controller.

As mentioned, fingerprinting will be disabled by Chrome soon. So we need to move away from using Fingerprinting and have to do it asap. I'm not sure about Dima code. But what I envision is that we will set the cookie when smart tag is activate by user. This cookie is unique for each user and we will store the unique id (UID) of this cookie. And when our ad is serve, we will read the cookie, and if the UID matched with the cookie identified through smart tag, we will serve the ads that associate with this cookie.

Yes. our cookie will be using 3rd Party cookie and understand that safari or Apple ITP will block this. But this is the general issue for all cookie tracking. At least we are level setting to be align with whole adtech industry who are using cookie tracking.