[wp-trac] [WordPress Trac] #44161: Expired session tokens need to be removed from database because GDPR
WordPress Trac
noreply at wordpress.org
Thu Jan 17 07:42:47 UTC 2019
#44161: Expired session tokens need to be removed from database because GDPR
-------------------------+------------------------------
Reporter: mechter | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
-------------------------+------------------------------
Comment (by postphotos):
@desrosj - I am inclined to agree with you philosophically here, and
thanks for weighing in, though I think through a strict interpretation of
IP data rules, @mechter might be right as it's part of the data that is
recorded about a given user on a site. (Thanks for opening this ticket!)
Regarding this:
> There should be some kind of garbage collection that removes expired
session tokens on a daily basis.
I think in some organizations that are really concerned, the idea of
session management could be entirely disabled and this would be a
reasonable option. That being said, I think it's useful for a user to
review their login history with a given site.
Would totally love others to weigh in as well!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44161#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list