🐛 [RUM-11850] Remove anonymous Id when consent is not granted (#3883)

* 🐛 Remove anonymous Id when consent is not granted

* Improve code

* Improve code

* Fix: rebase conflicts

Author: cy-moi

packages/core/src/domain/session/sessionManager.spec.ts

@@ -631,6 +631,16 @@ describe('startSessionManager', () => {
       expectSessionIdToBeDefined(sessionManager)
       expect(sessionManager.findSession()!.id).not.toBe(initialSessionId)
     })
+
+    it('Remove anonymousId when tracking consent is withdrawn', () => {
+      const trackingConsentState = createTrackingConsentState(TrackingConsent.GRANTED)
+      const sessionManager = startSessionManagerWithDefaults({ trackingConsentState })
+      const session = sessionManager.findSession()!
+
+      trackingConsentState.update(TrackingConsent.NOT_GRANTED)
+
+      expect(session.anonymousId).toBeUndefined()
+    })
   })
 
   describe('session state update', () => {

packages/core/src/domain/session/sessionManager.ts

@@ -92,7 +92,7 @@ export function startSessionManager<TrackingType extends string>(
     if (trackingConsentState.isGranted()) {
       sessionStore.expandOrRenewSession()
     } else {
-      sessionStore.expire()
+      sessionStore.expire(false)
     }
   })
 

packages/core/src/domain/session/sessionState.ts

@@ -1,7 +1,6 @@
 import { isEmptyObject } from '../../tools/utils/objectUtils'
 import { objectEntries } from '../../tools/utils/polyfills'
 import { dateNow } from '../../tools/utils/timeUtils'
-import { generateUUID } from '../../tools/utils/stringUtils'
 import type { Configuration } from '../configuration'
 import { SESSION_EXPIRATION_DELAY, SESSION_TIME_OUT_DELAY } from './sessionConstants'
 import { isValidSessionString, SESSION_ENTRY_REGEXP, SESSION_ENTRY_SEPARATOR } from './sessionStateValidation'
@@ -23,12 +22,8 @@ export function getExpiredSessionState(
   const expiredSessionState: SessionState = {
     isExpired: EXPIRED,
   }
-  if (configuration.trackAnonymousUser) {
-    if (previousSessionState?.anonymousId) {
-      expiredSessionState.anonymousId = previousSessionState?.anonymousId
-    } else {
-      expiredSessionState.anonymousId = generateUUID()
-    }
+  if (configuration.trackAnonymousUser && previousSessionState?.anonymousId) {
+    expiredSessionState.anonymousId = previousSessionState?.anonymousId
   }
   return expiredSessionState
 }

packages/core/src/domain/session/sessionStore.spec.ts

@@ -249,6 +249,11 @@ describe('session store', () => {
         expect(sessionStoreManager.getSession().isExpired).toBeUndefined()
         expect(sessionStoreManager.getSession()[PRODUCT_KEY]).toBeDefined()
       })
+
+      it('should generate an anonymousId if not present', () => {
+        setupSessionStore()
+        expect(sessionStoreManager.getSession().anonymousId).toBeDefined()
+      })
     })
 
     describe('expand or renew session', () => {
@@ -574,6 +579,12 @@ describe('session store', () => {
         expect(sessionStoreManager.getSession().id).toBe(FIRST_ID)
         expect(sessionStoreManager.getSession().isExpired).toBeUndefined()
       })
+
+      it('restart session should generate an anonymousId if not present', () => {
+        setupSessionStore()
+        sessionStoreManager.restartSession()
+        expect(sessionStoreManager.getSession().anonymousId).toBeDefined()
+      })
     })
   })
 

packages/core/src/domain/session/sessionStore.ts

@@ -26,7 +26,7 @@ export interface SessionStore {
   renewObservable: Observable<void>
   expireObservable: Observable<void>
   sessionStateUpdateObservable: Observable<{ previousState: SessionState; newState: SessionState }>
-  expire: () => void
+  expire: (hasConsent?: boolean) => void
   stop: () => void
   updateSessionState: (state: Partial<SessionState>) => void
 }
@@ -170,6 +170,7 @@ export function startSessionStore<TrackingType extends string>(
       {
         process: (sessionState) => {
           if (isSessionInNotStartedState(sessionState)) {
+            sessionState.anonymousId = generateUUID()
             return getExpiredSessionState(sessionState, configuration)
           }
         },
@@ -231,8 +232,11 @@ export function startSessionStore<TrackingType extends string>(
     expireObservable,
     sessionStateUpdateObservable,
     restartSession: startSession,
-    expire: () => {
+    expire: (hasConsent?: boolean) => {
       cancelExpandOrRenewSession()
+      if (hasConsent === false && sessionCache) {
+        delete sessionCache.anonymousId
+      }
       sessionStoreStrategy.expireSession(sessionCache)
       synchronizeSession(getExpiredSessionState(sessionCache, configuration))
     },

packages/core/src/domain/session/storeStrategies/sessionInCookie.spec.ts

@@ -35,14 +35,22 @@ describe('session in cookie strategy', () => {
     expect(getCookie(SESSION_STORE_KEY)).toBe('id=123&created=0')
   })
 
-  it('should set `isExpired=1` and `aid` to the cookie holding the session', () => {
+  it('should set `isExpired=1` to the cookie holding the session', () => {
     const cookieStorageStrategy = setupCookieStrategy()
     spyOn(Math, 'random').and.callFake(() => 0)
     cookieStorageStrategy.persistSession(sessionState)
     cookieStorageStrategy.expireSession(sessionState)
     const session = cookieStorageStrategy.retrieveSession()
-    expect(session).toEqual({ isExpired: '1', anonymousId: jasmine.any(String) })
-    expect(getSessionState(SESSION_STORE_KEY)).toEqual({ isExpired: '1', anonymousId: jasmine.any(String) })
+    expect(session).toEqual({ isExpired: '1' })
+    expect(getSessionState(SESSION_STORE_KEY)).toEqual({ isExpired: '1' })
+  })
+
+  it('should not generate an anonymousId if not present', () => {
+    const cookieStorageStrategy = setupCookieStrategy()
+    cookieStorageStrategy.persistSession(sessionState)
+    const session = cookieStorageStrategy.retrieveSession()
+    expect(session).toEqual({ id: '123', created: '0' })
+    expect(getSessionState(SESSION_STORE_KEY)).toEqual({ id: '123', created: '0' })
   })
 
   it('should return an empty object if session string is invalid', () => {

packages/core/src/domain/session/storeStrategies/sessionInLocalStorage.spec.ts

@@ -43,13 +43,20 @@ describe('session in local storage strategy', () => {
     localStorageStrategy.persistSession(sessionState)
     localStorageStrategy.expireSession(sessionState)
     const session = localStorageStrategy?.retrieveSession()
-    expect(session).toEqual({ isExpired: '1', anonymousId: jasmine.any(String) })
+    expect(session).toEqual({ isExpired: '1' })
     expect(getSessionStateFromLocalStorage(SESSION_STORE_KEY)).toEqual({
       isExpired: '1',
-      anonymousId: jasmine.any(String),
     })
   })
 
+  it('should not generate an anonymousId if not present', () => {
+    const localStorageStrategy = initLocalStorageStrategy(DEFAULT_INIT_CONFIGURATION)
+    localStorageStrategy.persistSession(sessionState)
+    const session = localStorageStrategy.retrieveSession()
+    expect(session).toEqual({ id: '123', created: '0' })
+    expect(getSessionStateFromLocalStorage(SESSION_STORE_KEY)).toEqual({ id: '123', created: '0' })
+  })
+
   it('should return an empty object if session string is invalid', () => {
     const localStorageStrategy = initLocalStorageStrategy(DEFAULT_INIT_CONFIGURATION)
     window.localStorage.setItem(SESSION_STORE_KEY, '{test:42}')

test/e2e/scenario/rum/sessions.scenario.ts

@@ -81,6 +81,18 @@ test.describe('rum sessions', () => {
 
         expect(true).toBeTruthy()
       })
+
+    createTest('removes anonymous id when tracking consent is withdrawn')
+      .withRum()
+      .run(async ({ browserContext, page }) => {
+        expect((await findSessionCookie(browserContext))?.aid).toBeDefined()
+
+        await page.evaluate(() => {
+          window.DD_RUM!.setTrackingConsent('not-granted')
+        })
+
+        expect((await findSessionCookie(browserContext))?.aid).toBeUndefined()
+      })
   })
 
   test.describe('manual session expiration', () => {