Cookies should last a maximum of 1 year

Description

We have three cookies that are set for 20 years, but it appears the ePrivacy Directive says they should only last for one:

  • accepted_tos, set when accepting the TOS prompt while logged out

  • user_credentials, set when logging in as a regular user

  • admin_credentials, set when logged in as an admin

To test, you can use your browser's developer tools to check the expiration dates on these cookies. Exact instructions will vary by browser.

Assignee

Alix R

Reporter

Sarken

Roadmap

Misc

Priority

High

Affects versions

Fix versions

Components

BackEnd
FrontEnd

Difficulty

Medium

Required Access Level

Admin

Milestone

Internal 0.9