Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't store custom variables in cookies (better privacy) #5415

Closed
quba opened this issue Jul 4, 2014 · 3 comments
Closed

Don't store custom variables in cookies (better privacy) #5415

quba opened this issue Jul 4, 2014 · 3 comments
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Milestone
2.5.0

Comments

@quba
Copy link
Contributor

quba commented Jul 4, 2014

I'd like to change default behavior and don't store custom variables data in cookies. It's a feature that is used only in specific cases. Most likely it's not used and people usually don't want to expose data, when it's not necessary.

Current behavior:

  • custom variables are stored in cookie for the duration of visit,
  • there's no way do disable this feature.

Proposed behavior:

  • don't store data in cookies by default,
  • allow to enable this feature by setting custom parameter.
    Keywords: cookies, custom variables, privacy
@quba quba added this to the 2.5.0 - Piwik 2.5.0 milestone Jul 8, 2014
@tsteur
Copy link
Member

tsteur commented Jul 22, 2014

I am wondering why we do store them in cookies at all? To reuse custom variables having scope visit in case of a new visit after a 30 minutes pause? If this is the case, shouldn't the website make sure the custom variables are set?

@quba
Copy link
Contributor Author

quba commented Jul 22, 2014

I think @mattab mentioned mobile apps tracking when we've talked about this issue recently.

@mattab mattab added this to the Piwik 2.5.0 milestone Aug 3, 2014
mattab pushed a commit to matomo-org/developer-documentation that referenced this issue Aug 13, 2014
Update guide about getCustomVariable to notify about need to call `st…
b61c90c 
…oreCustomVariablesInCookie` first

refs matomo-org/matomo#5415
@mattab mattab closed this as completed in 0fe47ee Aug 13, 2014
@mattab
Copy link
Member

mattab commented Aug 13, 2014

Breaking change added to CHANGELOG.md

  • Javascript Tracking API: if you are using getCustomVariable function to access custom variables values that were set on previous page views, you now must also call storeCustomVariablesInCookie before the first call to trackPageView. Read more about Javascript Tracking here.

@mattab mattab changed the title Don't store custom variables in cookies Don't store custom variables in cookies (better privacy) Aug 13, 2014
mattab added a commit that referenced this issue Aug 13, 2014
@mattab
refs #5415 fix tests, call storeCustomVariablesInCookie
e189538
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Projects
None yet
Milestone
2.5.0
Development

No branches or pull requests
3 participants
@tsteur @mattab @quba