AscendingCreations / AxumSession

Axum Session Management Libraries that use Sqlx
MIT License

GDPR Additions #12

Closed genusistimelord closed 2 years ago

genusistimelord commented 2 years ago
  1. Make GDPR optional. Useful for internal websites where workers have already agreed to gain access to them.
  2. Add a GDPR cookie name for acceptance.
  3. Add a lifetime for the acceptance cookie.
  4. Add a boolean to AxumSessionData for Accepted.
  5. If by_pass_gdpr is false, then do not set the session UID cookie until accepted, and unload the inner session if not accepted yet.

@tgolsson what do you think?

tgolsson commented 2 years ago

Without being an expert, it seems sensible. I'm unsure whether it's compatible with having it in the session data (part 4). Or would that essentially mean creating a new session on each request: "This is a fresh session that hasn't accepted cookies"?

genusistimelord commented 2 years ago

It would mean a new session would get created anyway, since there is no session ID set in the cookies to restore the old session. So rather than keep it, we will remove it right off the bat.

The default session doesn't store any actual personal details, and even if it did (which would not be my responsibility but the end user's), the inner session would be deleted upon page reload, since they did not accept cookies to link back to it. By data I mostly mean data added via Set to the session store while Axum is handling the request.

So in this aspect, if GDPR is enabled, then:

  1. User visits the web page.
  2. We try to load cookies if they exist.
  3. If the accept cookie does not exist, or exists and is false, then load the default session. Otherwise attempt to load the session if it exists.
  4. Session is sent into the function requesting it within Axum.
  5. Function can then call Set and Get on the session.
  6. Function ends.
  7. Await on the request returns as the response.
  8. We check if the user has accepted anything yet; if not, we remove the session or simply don't store it until they do.
  9. If accepted, we store the data in the session table, which gets stored to a database if persistence is enabled.
  10. Website is sent to the end user as the response.

Something like the above. @tgolsson
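The ten-step flow above, written out as an added, stand-alone Rust sketch. This is not AxumSession's code and does not use axum or sqlx: the cookie names `gdpr_accepted` and `session_id`, the `SessionLayer` type, the `by_pass_gdpr` flag handling and the in-memory `HashMap` standing in for the session table are all assumptions made for the illustration. The point it makes concrete is steps 3, 8 and 9: without an acceptance cookie set to `true` the handler still gets a working session for Set/Get, but no UID cookie is issued and nothing reaches the store, so a reload cannot link back to it; with acceptance the session is persisted and its id cookie set; an acceptance cookie with any value other than `true` is treated the same as a missing one.

```rust
use std::collections::HashMap;

// Assumed cookie names for this illustration (not AxumSession's real config keys).
pub const GDPR_ACCEPT_COOKIE: &str = "gdpr_accepted";
pub const SESSION_ID_COOKIE: &str = "session_id";

/// Session handed to the handler. `accepted` mirrors item 4 of the proposal.
#[derive(Clone, Debug, Default)]
pub struct SessionData {
    pub id: String,
    pub accepted: bool,
    values: HashMap<String, String>,
}

impl SessionData {
    pub fn set(&mut self, key: &str, value: &str) {
        self.values.insert(key.to_string(), value.to_string());
    }
    pub fn get(&self, key: &str) -> Option<&String> {
        self.values.get(key)
    }
}

/// Minimal response: body plus the cookies the layer decided to set.
pub struct Response {
    pub body: String,
    pub set_cookies: Vec<(String, String)>,
}

/// Stand-in for the session layer; the in-memory map plays the role of the
/// session table / database (hypothetical type, not the library's).
pub struct SessionLayer {
    bypass_gdpr: bool,
    store: HashMap<String, SessionData>,
    next_id: u64,
}

impl SessionLayer {
    pub fn new(bypass_gdpr: bool) -> Self {
        SessionLayer { bypass_gdpr, store: HashMap::new(), next_id: 0 }
    }

    pub fn stored_sessions(&self) -> usize {
        self.store.len()
    }

    fn fresh_id(&mut self) -> String {
        self.next_id += 1;
        format!("sid-{}", self.next_id) // a real layer would use a random UUID
    }

    /// One request/response cycle: steps 2 through 9 of the flow.
    pub fn handle<F>(&mut self, cookies: &HashMap<String, String>, handler: F) -> Response
    where
        F: FnOnce(&mut SessionData) -> String,
    {
        // Steps 2-3: consent is either bypassed or read from the acceptance cookie;
        // a missing cookie or any value other than "true" counts as not accepted.
        let accepted = self.bypass_gdpr
            || cookies.get(GDPR_ACCEPT_COOKIE).map_or(false, |v| v == "true");

        let mut session = if accepted {
            let restored = cookies
                .get(SESSION_ID_COOKIE)
                .and_then(|id| self.store.get(id).cloned());
            match restored {
                Some(s) => s,
                None => SessionData { id: self.fresh_id(), ..Default::default() },
            }
        } else {
            // Default session: no id, never linked to the store.
            SessionData::default()
        };
        session.accepted = accepted;

        // Steps 4-7: the handler can Set/Get freely either way.
        let body = handler(&mut session);

        // Steps 8-9: persist and set the UID cookie only with consent.
        let mut set_cookies = Vec::new();
        if accepted {
            set_cookies.push((SESSION_ID_COOKIE.to_string(), session.id.clone()));
            self.store.insert(session.id.clone(), session);
        }
        // Without consent `session` is dropped here: nothing stored, no cookie set.
        Response { body, set_cookies }
    }
}

fn main() {
    let mut layer = SessionLayer::new(false);
    let mut cookies = HashMap::new();
    let r = layer.handle(&cookies, |s| { s.set("cart", "3"); String::new() });
    println!("no consent: cookies set = {}, stored = {}", r.set_cookies.len(), layer.stored_sessions());
    cookies.insert(GDPR_ACCEPT_COOKIE.to_string(), "true".to_string());
    let r = layer.handle(&cookies, |s| { s.set("cart", "3"); String::new() });
    println!("consent: cookies set = {:?}, stored = {}", r.set_cookies, layer.stored_sessions());
}
```

The acceptance cookie itself is set by the application when the user clicks accept; the layer only reads it. Note that with `bypass_gdpr` true the consent check is skipped entirely, which is the "internal website" case from item 1.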