search

Traewelling / traewelling

Free check-in service to log your public transit journeys
https://traewelling.de
GNU Affero General Public License v3.0
232 stars 46 forks source link

Only set session cookie, when user logs in/signs up (NOT on homepage) #2101

Open pReya opened 11 months ago

pReya commented 11 months ago

Describe the bug

Currently, the session cookie is set, whenever a user visits the home page – even if he's an unknown user/first time visitor.

This is unnecessary and fishy from a privacy standpoint (it would allow to track users who don't have an account – e.g. how many times and how long do they visit the website BEFORE they sign up).

It'd be much better if the session cookies was only set, when a user logs in or signs up for a new account – NOT when they browse home page or other static sites.

Steps to reproduce

  1. Visit the home page in an incognito window
  2. Look at the cookies in your dev tools
  3. trawelling_session cookie has been set

Browser console logs

No response

Browser

No response

pReya commented 10 months ago

I'll be happy to contribute a PR for this, but currently I can't get my dev setup working due to #2074, so I can't test my changes :(