[buddypress-trac] [BuddyPress Trac] #7856: Privacy: Review of cookie behavior

buddypress-trac noreply at wordpress.org
Tue May 22 21:52:12 UTC 2018


#7856: Privacy: Review of cookie behavior
--------------------------+--------------------
 Reporter:  boonebgorges  |      Owner:  (none)
     Type:  task          |     Status:  new
 Priority:  normal        |  Milestone:  4.0
Component:  Core          |    Version:
 Severity:  normal        |   Keywords:
--------------------------+--------------------
 Parent ticket: #7698. Related: #7827.

 BP uses cookies in a number of ways. Some of them are critical to BP
 functionality, while others are for convenience only. Some are for logged-
 in users only, while others apply to all site visitors. Let's use the
 description of this ticket as an inventory of what we currently do. Please
 correct any mistakes I make. Afterward, I'll make suggestions about
 potential changes that would make it easier for sites to comply with GDPR
 etc.

 ===

 == Activity

 Name: `bp-activity-oldestpage`
 Description: bp-legacy only. Applies to all site visitors. Used to store
 the proper page of results for the next 'Load More' request.
 Recommendation: There's no reason to store this in a cookie. It's reset
 between pageloads. We should remove it.

 Name: `bp-activity-filter`
 Description: bp-legacy only. Applies to all site visitors. Used to store
 the last-selected "Filter by"
 Recommendation: I have always found this behavior a little useless. My
 preference is to remove it altogether. If people like it, we should make
 it logged-in user only, so that cookie approval can be consolidated.

 Name: `bp-activity-scope`
 Description: bp-legacy only. Applies to all site visitors. Used to store
 the last clicked activity tab - "My Groups", "Mentions", etc., and then
 switch to it on the next load.
 Recommendation: see `bp-activity-filter`

 Name: `bp-activity-extras`
 Description: No idea what this does. Seems to have been added in [2477]
 just for extensibility.
 Recommendation: Is it possible it's being used by a plugin? Since it's
 Legacy only, I'd say leave it, but make it logged-in only.

 == Messages

 Messages has some cookie code for `bp_messages_send_to`,
 `bp_messages_subject`, and `bp_messages_content`, but it appears to be
 unused. Probably no action needed here, and no reference necessary in the
 default privacy policy.

 == Core

 Name: `bp-message` and `bp-message-type`
 Description: Used to store success/failure messages for `template_notices`
 display on next pageload. In practice, it's generally logged-in users only
 who perform actions that would require this, though third-party plugins
 might violate this.
 Recommendation: Keep.

 == Groups

 Name: `bp_new_group_id`, `bp_completed_create_steps`
 Description: Used to store progress in the multi-step group creation
 process. Logged-in user only.
 Recommendation: Keep.

 Name: `bp-groups-filter`, `bp-groups-scope`, `bp-groups-extras`
 Description: See similar activity filters.

 == Members

 Name: `bp-members-filter`, `bp-members-scope`, `bp-members-extras`
 Description: See similar activity filters.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7856>
BuddyPress Trac <http://buddypress.org/>
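
An added example, not part of the original ticket and not BuddyPress code: a small audit that takes a `Cookie` request header, picks out the cookies inventoried above, and flags those the ticket recommends removing or restricting when they arrive from a visitor with no WordPress login cookie. The recommendation labels are shorthand for the ticket's wording, applying the activity recommendations to the groups and members cookies is an assumption, and the sample headers are constructed.

```javascript
// Inventory transcribed from the ticket; the "rec" labels are shorthand for its text.
// Assumption: groups/members filter cookies get the same recommendation as activity.
const INVENTORY = [
  { re: /^bp-activity-oldestpage$/, rec: 'remove' },
  { re: /^bp-(activity|groups|members)-(filter|scope)$/, rec: 'remove-or-logged-in-only' },
  { re: /^bp-(activity|groups|members)-extras$/, rec: 'logged-in-only' },
  { re: /^bp_messages_(send_to|subject|content)$/, rec: 'unused' },
  { re: /^bp-message(-type)?$/, rec: 'keep' },
  { re: /^(bp_new_group_id|bp_completed_create_steps)$/, rec: 'keep' },
];

// Split "a=1; b=2" into [name, value] pairs, tolerating stray spaces and empty parts.
function parseCookieHeader(header) {
  return header.split(';')
    .map((part) => part.trim())
    .filter((part) => part.includes('='))
    .map((part) => {
      const i = part.indexOf('=');
      return [part.slice(0, i), part.slice(i + 1)];
    });
}

// WordPress names its login cookie wordpress_logged_in_<hash>.
// This checks presence only; it does not validate the cookie.
function isLoggedIn(pairs) {
  return pairs.some(([name]) => name.startsWith('wordpress_logged_in_'));
}

// Return one finding per inventoried BuddyPress cookie found in the header.
function auditCookies(header) {
  const pairs = parseCookieHeader(header);
  const loggedIn = isLoggedIn(pairs);
  const findings = [];
  for (const [name] of pairs) {
    const entry = INVENTORY.find((e) => e.re.test(name));
    if (!entry) continue; // not a cookie from the ticket's inventory
    // Flag cookies slated for removal, and any non-"keep" cookie on an anonymous visitor.
    const flagged = entry.rec === 'remove' || (!loggedIn && entry.rec !== 'keep');
    findings.push({ name, recommendation: entry.rec, loggedIn, flagged });
  }
  return findings;
}

// Constructed sample headers (not captured from a real site).
const ANON = 'bp-activity-oldestpage=1; bp-activity-scope=groups; _ga=GA1.2.1';
const USER = 'wordpress_logged_in_0123abcd=alice%7C1; bp-message=Saved; bp-members-filter=active';
console.log(auditCookies(ANON), auditCookies(USER));
```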