https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29957 --- Comment #76 from Jonathan Druart <jonathan.druart+koha@gmail.com> --- (In reply to Marcel de Rooy from comment #75)
(In reply to Jonathan Druart from comment #74)
Those patches don't apply on top of bug 29915 and bug 28786. At this point I think they should go first.
I will rebase them when needed. 29915 is PQA, I would let the RM push it now.
You are deciding to list the cookie to remove whereas I think we decided the reverse, and clear them all by default. Even, as we don't want to keep the language, why should we let the possibility to keep some?
I am not aware of a community decision here. The discussion showed me that it would be more acceptable to differentiate between cookies to keep and remove. And this patch set makes that possible via an allow list. The language cookie might be an excellent example to keep. If there is concensus to use a deny list here, that is adjusted easily. Do you want me to ask on the dev ML?
Only Martin and me so far (comments #14 and #15) The problem is: how do you maintain it? I am assuming that we want to clear a cookie by default, so how sysops will maintain this list up-to-date? They will have to know if a new cookie has been added to a given version. Seems a nightmare.
To me, cookies are tied to the session, on logout should just remove them all. Not all Koha cookies are session based. Some have a long expiry. Logout will now clear all cookies that you want to clear. Session cookies are normally cleared when you close the browser. Note that a considerable number of users may not logout, but closes the browser.
I am not aware of cookies we want to keep in Koha after a logout. We proved earlier that even "language" was not a good pick. -- You are receiving this mail because: You are watching all bug changes.