Cookies should last a maximum of 1 year

Description

We have three cookies that are set for 20 years, but it appears the ePrivacy Directive says they should only last for one:

  • accepted_tos, set when accepting the TOS prompt while logged out

  • user_credentials, set when logging in as a regular user

  • admin_credentials, set when logged in as an admin

To test, you can use your browser's developer tools to check the expiration dates on these cookies. Exact instructions will vary by browser.

Activity

Sarken
June 5, 2020, 6:17 AM
  • accepted_tos, set when accepting the TOS prompt while logged out: Couldn’t really test this, since I get the local storage item set, not a cookie.

  • user_credentials, set when logging in as a regular user: Expiration date was 6/5/2021, one year from now.

  • admin_credentials, set when logged in as an admin: Expiration date was 6/5/2021, one year from now.

redsummernight
June 6, 2020, 3:12 AM
  • accepted_tos:

    • In Firefox 76.0.1, visit about:config and set dom.storage.default_quota to 0. This breaks localStorage calls and forces the TOS prompt to save a cookie.

    • Logged out. Expires / Max-Age: "Sun, 06 Jun 2021 03:09:43 GMT".

  • user_credentials: logged out, logged back in as a normal user. Expires / Max-Age: "Sun, 06 Jun 2021 03:01:08 GMT" (one year from now).

  • admin_credentials: logged out, logged back in as an admin. Expires / Max-Age: "Sun, 06 Jun 2021 03:03:17 GMT" (one year from now).

Looks good.

Assignee

Alix R

Reporter

Sarken

Roadmap

Misc

Priority

High

Affects versions

Fix versions

Components

BackEnd
FrontEnd

Difficulty

Medium

Required Access Level

Admin

Milestone

Internal 0.9