I don't want my WP site to set any persistent cookies. Session cookies while I'm logged in are all I want to allow. I don't want to have to ask visitors for consent, so I need to be sure that none are set. Unfortunately WP makes this difficult.
I see that the wp_generate_auth_cookie function requires an expiry timestamp, so it's not capable of setting a session-only cookie. Amongst the cookies that are set by WP, one is curious. wordpress_test_cookie is the only one set without an expiry – so WP is clearly capable of doing this. It's curious that this particular cookie is set as session-only, which may mean that its utility as a cookie setting check is limited.
How can I persuade WP to not set cookies like that? It's also common for plugins to set cookies without consent or warning, and I want to be able to block them from doing so too.
I'm also looking at an alternative way to deal with this: use Lua scripting in my nginx reverse proxy to modify or delete cookies as they pass by, stripping expiry values from them, and possibly ensuring that all http-only, secure, and sameSite flags are set.
Yes, I am fully aware that this may compromise some aspects of using WordPress, and some plugins will break, but visitor privacy and the law take precedence.
Are there plugins or other solutions that can help with this?
asked Apr 3, 2021 at 21:12 by Synchro
- wordpress_test_cookie is only set by the login page, though. If your visitor doesn't go to the login page WordPress won't set any cookies automatically. (They can opt in to save their commenter details if not logged in.) – Rup, commented Apr 6, 2021 at 10:09
- However AFAIK you can't stop any plugins just calling PHP's setcookie(), although I can't think of a good reason why a plugin would. – Rup, commented Apr 6, 2021 at 10:14
1 Answer
The wp_generate_auth_cookie() function is a pluggable function, meaning you can define a function with the same name in a plugin and your version will be used instead of the WordPress core function.
The number of pluggable functions is limited, however. If you want a broad solution that works for all cookies, your lower-level Lua approach will be a better option.
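A sketch of the proxy-level approach the question and answer describe, added here as an example and not code from the original post. It assumes OpenResty or nginx built with lua-nginx-module, a site served only over HTTPS (so forcing Secure is safe), and SameSite=Lax as the default to add; the file name and path are hypothetical.

```lua
-- session_cookies.lua (added example; file name and path are hypothetical).
-- Load with: header_filter_by_lua_file /etc/nginx/lua/session_cookies.lua;
local MONTHS = { jan = 1, feb = 2, mar = 3, apr = 4, may = 5, jun = 6,
                 jul = 7, aug = 8, sep = 9, oct = 10, nov = 11, dec = 12 }

-- True when an Expires date is before today (UTC): the backend is deleting
-- the cookie (logout, for example), so it must not become a live one.
local function in_past(value)
  local d, mon, y = value:match("(%d+)[ %-](%a+)[ %-](%d+)")
  local m = mon and MONTHS[mon:lower():sub(1, 3)]
  if not m then return false end
  y = tonumber(y)
  if y < 100 then y = y + (y < 70 and 2000 or 1900) end -- two-digit year
  local now = os.date("!*t")
  return y * 10000 + m * 100 + tonumber(d) < now.year * 10000 + now.month * 100 + now.day
end

-- Drop Expires/Max-Age and make sure the three flags are present.
local function session_only(cookie)
  local out, seen, deleting = {}, {}, false
  for attr in cookie:gmatch("[^;]+") do
    attr = attr:match("^%s*(.-)%s*$")
    local key, value = attr:match("^([^=]*)=?(.*)$")
    key = key:lower()
    if #out == 0 then
      out[1] = attr                      -- name=value pair, kept verbatim
    elseif key == "expires" then
      deleting = deleting or in_past(value)
    elseif key == "max-age" then
      deleting = deleting or (tonumber(value) or 1) <= 0
    elseif attr ~= "" then
      seen[key] = true
      out[#out + 1] = attr
    end
  end
  if deleting then return cookie end     -- pass deletions through untouched
  if not seen.httponly then out[#out + 1] = "HttpOnly" end
  if not seen.secure then out[#out + 1] = "Secure" end
  if not seen.samesite then out[#out + 1] = "SameSite=Lax" end -- assumed default
  return table.concat(out, "; ")
end

-- ngx.header["Set-Cookie"] is a string for one cookie, a table for several.
local cookies = ngx.header["Set-Cookie"]
if cookies then
  if type(cookies) == "string" then cookies = { cookies } end
  for i, c in ipairs(cookies) do cookies[i] = session_only(c) end
  ngx.header["Set-Cookie"] = cookies
end
```

Forcing HttpOnly hides every cookie from page JavaScript, so anything that reads a cookie client-side will stop working, and cookies set by JavaScript in the browser never pass through this filter at all.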