[wp-trac] [WordPress Trac] #46618: Change login behaviour to only set the test cookie when a user attempts to login instead of just on visiting the login page

WordPress Trac noreply at wordpress.org
Tue Mar 26 07:28:59 UTC 2019 

#46618: Change login behaviour to only set the test cookie when a user attempts to
login instead of just on visiting the login page
------------------------------------+----------------------------------
 Reporter:  garrett-eclipse         |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Login and Registration  |     Version:
 Severity:  normal                  |  Resolution:
 Keywords:  needs-patch             |     Focuses:  javascript, privacy
------------------------------------+----------------------------------
Changes (by garrett-eclipse):

 * keywords:   => needs-patch


Comment:

 Replying to [comment:3 Clorith]:
 > If the check isn't done till after (I thought we did it earlier, so my
 apologies if that's not the case), we could just redo the logic to logging
 in, and if `is_user_logged_in` says "no" when a valid login is provided,
 we know the cookie isn't setting and can act accordingly.
 >
 > Adding checkboxes to declare cookie consent on login pages adds
 complexity for the end user, and isn't required from my understanding,
 because it's implied that there exists an item to maintain your login
 session in such a scenario.

 Thanks @Clorith, I appreciate the input and agree that sounds like the
 patch forward here moving the login into the login process rather than
 pageload.

 As to a cookie checkbox, I agree as well, the suggested policy text covers
 this quite well so no need to complicate things;
 > When you log in, we will also set up several cookies to save your login
 information and your screen display choices. Login cookies last for two
 days, and screen options cookies last for a year. If you select "Remember
 Me", your login will persist for two weeks. If you log out of your
 account, the login cookies will be removed.
 >
 > If you edit or publish an article, an additional cookie will be saved in
 your browser. This cookie includes no personal data and simply indicates
 the post ID of the article you just edited. It expires after 1 day.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46618#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list