identityStorage prop not being respected

[evaleen]

Expected Behavior

• When I set identityStorage in the init config to none, AMP cookies wont be stored on browser.

Current Behavior

When I set identityStorage to none for an existing user (who has been tracked previously) I can see that the AMP cookies are still being set in the browser. When I do this on incognito though, the cookies are not being set (and it uses in memory storage)

Also, the current recommendation for updating internalStorage on cookie consent is to re-call the init function, but when using @amplitude/analytics-browser with the Amplitude generated event class file, you can only call ampli.load once (which calls the init fn), after that it throws the error:

ERROR: Ampli is not yet initialized. Have you called ampli.load() on app start?

Possible Solution

• internalStorage: none should be respected in all cases.
• Create an amplitude function to update the internalStorage, without having to call init again. eg.

this.amplitude.setInternalStorage('none')

Environment

• JS SDK Version: 2.3.2
• Installation Method: yarn
• Browser and Version: Chrome 118

[kevinpagtakhan]

@evaleen thank you for choosing Amplitude! I believe the cookies are left over from the initialization performed earlier but under the hood should be using memory storage. Can you try to delete the cookies AMP cookies in non-incognito mode and see if it creates another AMP cookie?

[evaleen]

Hi @kevinpagtakhan thanks for getting back to me :)

Correct, it works perfectly on incognito, but this does not solve the case for existing users.

On page load, we call ampli.load (which calls Amplitude.init under the hood). At this point, we check if cookies have been consented to, and in the case that they have not, we set identityStorage: "none", - but I can still see AMP cookies in the browser.
I would expect Amplitude to respect the identity storage regardless of whether its a new or returning user. How else could we change the cookie preferences for existing users?

[evaleen]

Hi @kevinpagtakhan , have you had a chance to investigate? This is still a persistent problem we are facing, thanks!

[liuyang1520]

Hi @evaleen , thanks for reporting this!

If I understand the problem correctly, have you tried to use ampli.load({ client: { instance: amplitude }}); with an instance that has identityStorage: "none"? I believe the storage setting doesn't delete previous data (there might be tricky cases, say there are two instances). If you need to clear the cookie, you can manually clear the cookie.

Thanks!

[evaleen]

Hi @liuyang1520 thanks for getting back to me!

We are using ampli.load, but configuring the client instead of using the instance prop because init is a private function inside the Amplitude generated Ampli class, so there would be no way of getting amplitude to set on the instance prop.

And yes we are setting identityStorage: "none" if the user changes their cookie preferences.

Are you suggesting we manually clear the cookies via JS if the user rejects cookie storage?
If so, since the Amplitude cookies are in the format: AMP_ID, we wont be able to fetch amplitude related cookies easily 🤔

[kevinpagtakhan]

Hi @evaleen, that's correct - we suggest that you manually clear the cookies. Once the identity storage was set to "none", Amplitude SDK no longer reads old cookies or writes new ones to respect the current storage option. The cookie name is in the format of "AMP" + the first 10 characters of your API KEY, the same as the API KEY you pass to init. I believe that should help in fetching and deleting the related cookies.