search

matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0
19.89k stars 2.65k forks source link

Brave Browser with Cookie Livetime max 7 days #20591

Open Metis77 opened 1 year ago

Metis77 commented 1 year ago

The cookie "mtm_consent_removed" is set to expire in 7 days, instead of 30years.

This is because Brave Browser allows for JS Cookies a max expire time of 7 days. For HTTP Cookies 180 days are allowed.

This is confirmed by Brave here: https://community.brave.com/t/cookie-max-age-too-short/466612/9 This "issue" is still present.

Summary

Maybe there is any way to set HTTP Cookies, as they are allowed for a longer livetime. 180 Days in Brave Browser.

bx80 commented 1 year ago

Hi @Metis77, thanks for reporting this.

All the cookies set by the Matomo JavaScript tracker are going to be JS cookies, setting an HTTP cookie from the JavaScript tracker isn't possible at this time.

The Matomo PHP Tracker will set HTTP/S cookies and could be a good alternative to work around this. Additionally Cookie-less tracking should also work.

This probably isn't going to be something we address in the short term, but I'll add this ticket to the backlog for further consideration and discussion. It may be a case of specifically detecting browsers with limited cookie capability and treating them as if cookies were disabled.

Metis77 commented 1 year ago

Additionally Cookie-less tracking should also work.

I found this while implementing the opt-out. So this is more about not tracking, instead of tracking.

While I am aware, that this behavior is caused by Brave Browser, not allowing JS cookies to live longer than 7 days, this could still lead to some legal problems.

bx80 commented 1 year ago

That's a good point @Metis77 :+1:

Opting out and then being automatically opted back in a week later because Brave Browser has deleted the JS 'consent removed' cookie is definitely problematic. I'll bump the priority so the product team can review this.

randy-innocraft commented 1 month ago

Hi @Metis77. Thank you for creating the issue and bringing this to our attention, that's very appreciated. We have reviewed and triaged the problem internally, and we have confirmed it is an issue. Our team will prioritise this, and we will update you on the progress here when we have an update to share. If you have any further information or questions, please feel free to add them here.