Open Closed

GDPR Cookie Expiration #5656


User avatar
0
paul.harriman created
  • ABP Framework version: v7.2.3
  • UI Type: Angular
  • Database System: EF Core SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

The GDPR Consent Cookie Component is creating a date of 6 months in the future for the cookie expiration, but b/c of the way the cookie create is coded, the expiration is Session.

The first screen shot, uses code:

  • document.cookie = this.CookieKey + '=true;' + expireDate + ';path=/';

the second screen shot shows with updated code of: document.cookie = this.CookieKey + '=true;expires=' + expireDate + ';path=/';


3 Answer(s)
  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Hi, as far as I know, some regulations by countries have limits like min 6 months of expiration (for example: Ireland).

    Also, if we set the expire as Session then it will act differently in every browser. For example, in Safari, it will show the consent even if you switch apps, or in Internet Explorer, it's not taken into account at all. Thus, I think it's more suitable to add an absolute 6 months as the date for expiration.

  • User Avatar
    0
    paul.harriman created

    I agree, 6 months is good, but as it is coded currently it is a session time, NOT 6months.

  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    I agree, 6 months is good, but as it is coded currently it is a session time, NOT 6months.

    Okay, I will update the related part and it will be available in the next release.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38