[wp-trac] [WordPress Trac] #44161: Expired session tokens need to be removed from database because GDPR
WordPress Trac
noreply at wordpress.org
Wed Aug 27 10:19:35 UTC 2025
#44161: Expired session tokens need to be removed from database because GDPR
-------------------------+------------------------------
Reporter: mechter | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
-------------------------+------------------------------
Comment (by tha_sun):
The GDPR dictates that you need to approach this question from the
opposite end:

If you have a legitimate reason to retain user data for showing a history
of logins to all your users, and you actually do it (whereas WordPress
Core does not do it and I'm not aware of a plugin that does it), then you
can disable the cleanup on your site (or install a plugin that saves the
data in a better way).

This recommended default behavior is supported by further technical
evidence:

There are various complaints from WordPress site administrators across the
net running into fatal server errors, because some of their user accounts
have so many session_tokens that their site is exceeding the PHP memory
limit.

Cleaning up expired session tokens not only supports data privacy but also
prevents a bad user experience with WordPress for site administrators.

The data is obsolete, useless, and in a poor format.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44161#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
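
Added example, not part of the ticket or of WordPress core: one way a site could prune expired entries from the `session_tokens` user meta discussed in the comment above, run daily through WP-Cron. The function name and the cron hook name are hypothetical, and the code assumes each stored session carries an `expiration` Unix timestamp.

```php
<?php
// Added example: hypothetical plugin code, not WordPress core and not from the ticket.
// Assumption: sessions are stored per user in the `session_tokens` meta key,
// keyed by token hash, each entry holding an `expiration` Unix timestamp.

function example_prune_expired_session_tokens() {
	$now    = time();
	$pruned = 0;

	// Fetch only user IDs; token arrays are loaded one user at a time below.
	$user_ids = get_users( array(
		'meta_key'     => 'session_tokens',
		'meta_compare' => 'EXISTS',
		'fields'       => 'ID',
	) );

	foreach ( $user_ids as $user_id ) {
		$sessions = get_user_meta( $user_id, 'session_tokens', true );
		if ( ! is_array( $sessions ) ) {
			continue;
		}

		// array_filter() keeps the original keys, so live sessions stay valid.
		$valid = array_filter( $sessions, function ( $session ) use ( $now ) {
			// Tolerate entries stored as a bare integer expiration.
			$expiration = is_array( $session ) ? (int) ( $session['expiration'] ?? 0 ) : (int) $session;
			return $expiration >= $now;
		} );

		$removed = count( $sessions ) - count( $valid );
		if ( 0 === $removed ) {
			continue; // Nothing expired for this user; skip the write.
		}

		if ( $valid ) {
			update_user_meta( $user_id, 'session_tokens', $valid );
		} else {
			// No live sessions left: drop the row instead of storing an empty array.
			delete_user_meta( $user_id, 'session_tokens' );
		}
		$pruned += $removed;
	}
	return $pruned; // Number of expired session entries removed.
}

// Schedule the cleanup once a day. The hook name is made up for this example.
add_action( 'example_prune_session_tokens', 'example_prune_expired_session_tokens' );
add_action( 'init', function () {
	if ( ! wp_next_scheduled( 'example_prune_session_tokens' ) ) {
		wp_schedule_event( time(), 'daily', 'example_prune_session_tokens' );
	}
} );
```

A site that has a documented reason to retain login history would leave this unscheduled and store that history in its own table rather than in `session_tokens`.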