Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set higher expiry time for the "Ignore tracking" cookie #13042

Closed
bquiller opened this issue Jun 6, 2018 · 4 comments 路 Fixed by #16174
Closed

Set higher expiry time for the "Ignore tracking" cookie #13042

bquiller opened this issue Jun 6, 2018 · 4 comments 路 Fixed by #16174
Assignees
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone

Comments

@bquiller
Copy link

bquiller commented Jun 6, 2018

In Cookie.php, the expiry time is 2 years ; this should be changed to 13 months 馃 Thanks.
/**
* Returns the default expiry time, 13 months
*
* @return int Timestamp in 13 months
*/
protected function getDefaultExpire()
{
return time() + 86400 * 365 + 86400 * 28;
}

Thanks.

@sgiehl
Copy link
Member

sgiehl commented Jun 6, 2018

Why should we change that to 13 months instead of 2 years?
If you want custom lifetimes for tracker or login cookies you can overwrite the config values...

@Findus23
Copy link
Member

Findus23 commented Jun 6, 2018

Hi,

I am pretty sure this getss overwritten on every cookie. In addition this can be configured for every cookie in the config.ini.php.

See e.g. here:

cookie_expire = 33955200;

In addition the tracking cookies can be configured in JS were they are set:
https://developer.matomo.org/api-reference/tracking-javascript#configuration-of-tracking-cookies

@tsteur
Copy link
Member

tsteur commented Jun 6, 2018

The tracking ignore cookie is set to 2 years currently indeed in https://github.com/matomo-org/matomo/blob/3.5.0/core/Tracker/IgnoreCookie.php#L51

There should be actually no expire date?

For all other tracking cookies such as the 3rd party tracking cookie the default is (should) be set to 13 months through config as @Findus23 pointed out.

@Findus23 Findus23 added the c: Privacy For issues that impact or improve the privacy. label May 24, 2020
@tsteur tsteur changed the title Default expiry time for cookie Set higher expiry time for ignore cookie Jul 3, 2020
@tsteur
Copy link
Member

tsteur commented Jul 3, 2020

As it was mentioned the cookie length can be configured in the config. AFAIK it was set to 13 months as a recommendation by eg the CNIL etc. which required a 13 month or shorter cookie length to not needing consent when using Matomo.

As for the ignore cookie this expiry time should be indeed longer and I will change this in a PR

tsteur added a commit that referenced this issue Jul 3, 2020
fix #13042

By default two years is set.
@tsteur tsteur self-assigned this Jul 3, 2020
diosmosis pushed a commit that referenced this issue Jul 5, 2020
fix #13042

By default two years is set.
@mattab mattab added this to the 4.0.0 milestone Jul 20, 2020
@mattab mattab changed the title Set higher expiry time for ignore cookie Set higher expiry time for the "Ignore tracking" cookie Sep 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants