@Findus23 opened this Issue on May 2nd 2019 Member

follow-up to #12540

With ePrivacy and co. many people will start asking questions about how cookies work in Matomo and it will be easier if Matomo only sets the tracking cookies on tracked websites and not also MATOMO_SESSID when the Opt-Out iFrame is loaded.

@tsteur commented on May 2nd 2019 Member

This is needed for the nonce CSRF protection @Findus23 unless I misunderstood?

@Findus23 commented on May 2nd 2019 Member

That would make sense (I didn't see this mentioned in the original issue)

@mattab commented on October 24th 2019 Member

Added this to the cookies list faq: https://matomo.org/faq/general/faq_146/

Also when the opt-out feature is used, there is a cookie called MATOMO_SESSID being created, this cookie is only temporary (it is called a nonce and helps prevent CSRF security issues).

This Issue was closed on May 2nd 2019
Powered by GitHub Issue Mirror