[Koha-bugs] [Bug 29957] Cookies not removed after logout
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Mar 21 12:10:17 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29957
--- Comment #75 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jonathan Druart from comment #74)
> Those patches don't apply on top of bug 29915 and bug 28786. At this point I
> think they should go first.
I will rebase them when needed. 29915 is PQA, I would let the RM push it now.
> You are deciding to list the cookie to remove whereas I think we decided the
> reverse, and clear them all by default. Even, as we don't want to keep the
> language, why should we let the possibility to keep some?
I am not aware of a community decision here. The discussion showed me that it
would be more acceptable to differentiate between cookies to keep and remove.
And this patch set makes that possible via an allow list.
The language cookie might be an excellent example to keep.
If there is concensus to use a deny list here, that is adjusted easily. Do you
want me to ask on the dev ML?
> To me, cookies are tied to the session, on logout should just remove them
> all.
Not all Koha cookies are session based. Some have a long expiry.
Logout will now clear all cookies that you want to clear. Session cookies are
normally cleared when you close the browser.
Note that a considerable number of users may not logout, but closes the
browser.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list