Don't set MATOMO_SESSID in opt-out iFrame #14402

Closed
Findus23 opened this issue May 2, 2019 · 3 comments
Labels
answered For when a question was asked and we referred to forum or answered it.

Comments

@Findus23
Member

Findus23 commented May 2, 2019

follow-up to #12540

With ePrivacy and co., many people will start asking questions about how cookies work in Matomo, and it will be easier if Matomo only sets the tracking cookies on tracked websites and not also MATOMO_SESSID when the Opt-Out iFrame is loaded.

@Findus23 Findus23 added the c: Privacy For issues that impact or improve the privacy. label May 2, 2019
@tsteur
Member

tsteur commented May 2, 2019

This is needed for the nonce CSRF protection @Findus23 unless I misunderstood?

@tsteur tsteur closed this as completed May 2, 2019
@tsteur tsteur added answered For when a question was asked and we referred to forum or answered it. and removed c: Privacy For issues that impact or improve the privacy. labels May 2, 2019
@Findus23
Member Author

Findus23 commented May 2, 2019

That would make sense (I didn't see this mentioned in the original issue)

@mattab
Member

mattab commented Oct 24, 2019

Added this to the cookies list faq: https://matomo.org/faq/general/faq_146/

Also when the opt-out feature is used, there is a cookie called MATOMO_SESSID being created, this cookie is only temporary (it is called a nonce and helps prevent CSRF security issues).
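
The reason given in this thread for the session cookie, shown as an added example that is not Matomo's code: a minimal Python model of a session-bound nonce check. `OptOutNonceStore`, its methods and `demo` are hypothetical names, and the session id stands in for the value of a cookie such as MATOMO_SESSID. In this model a nonce is only accepted together with the session it was issued to, so a request without the cookie cannot be validated.

```python
import hmac
import secrets


class OptOutNonceStore:
    """Hypothetical server-side model: one nonce per session id, where the
    session id stands in for the value of a session cookie."""

    def __init__(self):
        self._nonces = {}  # session id -> pending nonce (None once used)

    def render_form(self, session_id=None):
        """Serve the form; returns (session_id, nonce). Unknown or missing
        session ids are replaced by a fresh server-generated one."""
        if session_id not in self._nonces:
            session_id = secrets.token_hex(16)
        nonce = secrets.token_hex(16)
        self._nonces[session_id] = nonce
        return session_id, nonce

    def submit(self, session_id, nonce):
        """Accept the change only if the nonce matches the one issued to
        this session; a nonce is consumed on first successful use."""
        expected = self._nonces.get(session_id)
        if not expected or not nonce:
            return False
        if not hmac.compare_digest(expected.encode(), nonce.encode()):
            return False
        self._nonces[session_id] = None
        return True


def demo():
    """Constructed scenario: two browsers load the form, then four submits."""
    server = OptOutNonceStore()
    victim_sid, victim_nonce = server.render_form()
    other_sid, other_nonce = server.render_form()
    return {
        # Nonce issued to another session, sent with the victim's cookie.
        "foreign_nonce": server.submit(victim_sid, other_nonce),
        # No cookie: the server has nothing to compare the nonce against.
        "no_cookie": server.submit(None, victim_nonce),
        # Same browser, same session, nonce from the served form.
        "own_nonce": server.submit(victim_sid, victim_nonce),
        # The same request sent a second time.
        "replay": server.submit(victim_sid, victim_nonce),
    }


if __name__ == "__main__":
    print(demo())
```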
