🐛 Expiration of cookie __dd_s after setTrackingConsent('not-granted') call

[Alexis2004]

We are working on integrating RUM Browser Monitoring into our product.

One of our critical requirements is that our product complies with GDPR, particularly regarding Cookie Consent.

Our users can change their consent to accept cookies dynamically, for which we call the setTrackingConsent method from the SDK.

After a user withdraws consent, we delete all cookies set by our application and expect the same behavior from all third-party SDKs we use.

Describe the bug

However, regarding the @browser-sdk/core module, we observe unexpected behavior related to the _dd_s cookie: its expiration date is set 4 hours in the future (regardless of the client's time zone) instead of "now" or "in the past."

This observation was confirmed by examining the source code. The value of the SESSION_TIME_OUT_DELAY constant is precisely 4 hours.

Expected behavior

This behavior is a blocker for us, as the extra cookie will prevent us from passing GDPR compliance certification. We expect that when calling the setTrackingConsent('not-granted') method, the _dd_s cookie will be immediately expired.