Thanks for the links @Asutosh_Jena_ , your second link is the one in my original post.
I've worked through the documentation but, while the code executes OK, client-side Javascript does not read the OSGi-configured service values, as the documentation suggests it should. I raised a Forum question a few weeks ago when I was working through this initially but didn't solve it.
I would like to see a working example of this cookie opt out feature so that i see how a working implementation differs from mine, so that I can spot what is wrong.
The client-side scripts for the opt out feature is in the content db at /libs/clientlibs/granite/utils/source/OptOutUtil.js. The Javascript includes inline code comments that read as i've pasted below. I'm not clear how to add the described "...optionally included component..."(?). There is no /libs/granite/security/... node in my local AEM instance. How does that get created, or is this inline code documentation out of date?
/**
* A library to determine whether any opt-out cookie is set and whether a given cookie name is white-listed.
*
* The opt-out and white-list cookie names are determined by a server-side configuration
* (<code>com.adobe.granite.security.commons.OptOutService</code>) and provided to this tool by an optionally
* included component (<code>/libs/granite/security/components/optout</code>) which provides a global JSON object
* named <code>GraniteOptOutConfig</code>.
*
* @static
* @class Granite.OptOutUtil
*/
