In Cookie.php, the expiry time is 2 years ; this should be changed to 13 months 🥇 Thanks.
Why should we change that to 13 months instead of 2 years?
If you want custom lifetimes for tracker or login cookies you can overwrite the config values...
I am pretty sure this getss overwritten on every cookie. In addition this can be configured for every cookie in the config.ini.php.
In addition the tracking cookies can be configured in JS were they are set:
The tracking ignore cookie is set to 2 years currently indeed in https://github.com/matomo-org/matomo/blob/3.5.0/core/Tracker/IgnoreCookie.php#L51
There should be actually no expire date?
For all other tracking cookies such as the 3rd party tracking cookie the default is (should) be set to 13 months through config as @Findus23 pointed out.
As it was mentioned the cookie length can be configured in the config. AFAIK it was set to 13 months as a recommendation by eg the CNIL etc. which required a 13 month or shorter cookie length to not needing consent when using Matomo.
As for the ignore cookie this expiry time should be indeed longer and I will change this in a PR