Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.

This page describes the API for handling personal data protection tasks if you are developing a custom module in Java. The API is applicable also for the purposes of GDPR – General Data Protection Regulation (Regulation (EU) 2016/679). The API covers two areas of personal data protection: handling visitor consent and managing cookies.

Handling visitor and consent information

To use the visitor API, make sure that your project depends on the Visitor manager module:

Error rendering macro 'artifact-maven-dependencies-snippet-macro'

com.sun.jersey.api.client.ClientHandlerException: A message body reader for Java class, and Java type class, and MIME media type application/octet-stream was not found

The VisitorManager and the Visitor are the central interfaces needed for handling visitor information. The magnolia-privacy-visitor-manager module provides a JCR-based implementation for the Visitor manager (JcrBasedVisitorManager),  which stores data in the JCR visitors workspace.

Getting VisitorManager

The VisitorManager is a singleton. To get an instance, inject it in the public constructor of the class where you want to use it.

package info.magnolia.documentation.gdpr;

import info.magnolia.consent.visitor.VisitorManager;
import javax.inject.Inject;

public class MyClass {
    private final VisitorManager visitorManager;

    public MyClass(VisitorManager visitorManager){
        this.visitorManager = visitorManager;

Line 11: Assigns the injected VisitorManager to the private final class member variable.

Getting a visitor

Use the Visitor to get a visitor.

Visitor visitor = visitorManager.getVisitor("");

Getting visitor consent

Consent consent = visitor.getConsent();

Getting all references to a visitor

Set<PrivateRecordReference> references = visitorManager.getReferences(visitorManager.getVisitorIdForRequest());

Deleting all visitor data

// delete the visitor data by a given visitor id; done in two steps for security reasons

// request deletionId 
String deletionId = visitorManager.requestVisitorDeletion(""); 

// delete the visitor by deletionId

Note: Deleting visitor data is done usually upon a request coming from a consent confirmation link (sent via email). 

Getting consent source

The source can be a URL, an email address or a phone number where the last consent update came from.

String source = consent.getSource();

Checking consent status

Consent status may be given, denied or withdrawn.

Consent.ConsentStatus consentStatus = consent.getFields().get("email");

Updating consent

The following example changes the previous consent status to given with an expiration of one month:

Calendar expire = Calendar.getInstance();
expire.add(Calendar.MONTH, 1);

                    .field("email", Consent.ConsentStatus.given)

To use the Cookie manager API make sure that your project depends on the Cookie manager module:

Error rendering macro 'artifact-maven-dependencies-snippet-macro'

com.sun.jersey.api.client.ClientHandlerException: A message body reader for Java class, and Java type class, and MIME media type application/octet-stream was not found

To handle cookies on the server side, Magnolia provides CookieManager. The Cookie manager knows about a website visitor's consent that is related to cookies.

Instead of utilizing the java core cookie API, we recommend using the Cookie manager since the manager only adds cookies upon consent given by a website visitor.

Error rendering macro 'code-pro'

Error 401 retrieving server data from URL. User is not authorized to perform the request.

Getting CookieManager

The Cookie manager implementation is a singleton. To get an instance, inject it in the public constructor of the class where you want to use it.

import info.magnolia.consent.cookie.CookieManager;

public class CookieBox {
    private final CookieManager cookieManager;

    public CookieBox(CookieManager cookieManager) {
        this.cookieManager = cookieManager;

    public void doSomething {
        // use the cookieManager according do your needs
Line 7: Assign the injected cookieManager to private final class member variable.

The method returns a Cookie wrapped in an Optional from the current request by a given cookie name.


Optional<Cookie> getCookieFromRequest(CookieDefinition cookieDefinition);

public Cookie getCookie(String cookieId){
        return cookieManager.getCookieFromRequest(cookieManager.getCookieDefinition(cookieId).get()).orElse(null);
    return null;

The method returns the cookie object or null by a given cookie id.

Adding a cookie

Adding a cookie with the Cookie manager requires a CookieDefinition. You can get a cookie definition as defined in the Cookies app with the Cookie manager, see getting and adapting a cookie definition.

(info) The cookie is only added if the website visitor has given consent for the cookie.


void addCookie(CookieDefinition cookieDefinition)

public void setMonsterCookie(String value) {
    if (cookieManager.getCookieDefinition(MONSETRCOOKIE_ID).isPresent()) {
        CookieDefinition cookieDefinition = cookieManager.getCookieDefinition(MONSETRCOOKIE_ID).get();

Line 4: You can override properties of the definition coming from the Cookies app.

Checking consent for a cookie

The method checks whether the website visitor has given consent for a potential cookie. You need a CookieDefinition to check for consent. Also, read Understanding the decision whether a cookie is set or not, which explains the check consent mechanism for a specific cookie.


boolean isCookieConsented(CookieDefinition cookieDefinition)
public boolean monsterCookieConsented() {
    return cookieManager.getCookieDefinition(MONSETRCOOKIE_NAME).isPresent() &&

The method returns a CookieDefinition by a given cookie id.

You need CookieDefinition instances as arguments for the  #addCookie  and #isCookieConsented  methods of the Cookie manager.

Returned cookie definitions are those managed with the Cookies app. The Cookie manager always returns a clone of the definition as configured in the Cookies app. This means that you also can override properties of the cookie definition as set in the Cookies app.


Optional<CookieDefinition> getCookieDefinition(String cookieId)
public CookieDefinition getMonsterCookieDefinition(){
    return cookieManager.getCookieDefinition("monsterCookie").orElse(null);