Open robrap opened 1 year ago
Thanks for the announcement. @robrap I usually recommend this cookie to customers needing marketing site integration.
I also need to check with @felipemontoya on the use of Marketing Site User Info cookie on customer sites. He'll respond to this ticket.
Please keep this on hold until we get a definitive "no" from the eduNEXT folks.
@omar-nelc
Thanks @robrap for organizing this DEPR. This cookie is used in the WordPress plugin for marketing site connections (https://wordpress.org/plugins/edunext-openedx-integrator/). We are in the process of splitting that plugin into an ecommerce-only part and one for the header and other marketing info.
I don't think we use all the information contained in the EDXMKTG_USER_INFO_COOKIE_NAME so I will look into reading this info from the JWT cookie. Do you know if the 2U private marketing is also considering moving to JWTs in the future?
Thanks @felipemontoya. That's helpful context. The 2U marketing site already uses the auth JWT, but the user info cookie contains a lot of information that is not contained in the auth JWT.
There is no agreed upon design, but my thoughts are captured in the original description around EDXMKTG_USER_INFO_COOKIE_NAME. I imagine that MFEs could use either additional config (where appropriate) or a new API call to gather the same information that was in this cookie. The contents could be cached in the browser cache. There is no need for this data to be in a cookie, because it doesn't need to be sent back to the server. In this approach, I don't see how a JWT fits in.
In case I haven't made this extremely clear, there should be no timeline concerns. Although "Redwood - 2024-04" was listed as the earliest removal, there is no rush on the full removal, and there is plenty of time to discuss how and if this work could be accomplished.
Proposal Date
2023-06-15
Target Ticket Acceptance Date
2023-06-30
Earliest Open edX Named Release Without This Functionality
Redwood - 2024-04
Rationale
The following marketing site cookies were deprecated in code long ago, but they did not go through a DEPR process.
The 2U private marketing site is using these cookies, and is blocking removal. However, it is unknown at this time if anyone else in the community is using these cookies.
This would resolve potential security issues, login related bugs, performance and stability issues given that the user info cookie is ~1k, which is a large part of our cookie header size budget.
Removal
Copying details from ARCHBOM-1172...
Once the Marketing site is updated to use our new header component, we can remove:
EDXMKTG_LOGGED_IN_COOKIE_NAME
EDXMKTG_USER_INFO_COOKIE_NAME
Notes:
EDXMKTG_LOGGED_IN_COOKIE_NAME has an existing alternative and simply should no longer be used.
In place of EDXMKTG_LOGGED_IN_COOKIE_NAME, we should be using frontend-auth code from frontend-platform to determine if the user is authenticated and to get basic information on the user. (This happens to use JWT cookies behind the scenes, but that should be encapsulated away.)
EDXMKTG_USER_INFO_COOKIE_NAME, there is not yet an existing alternative.
EDXMKTG_USER_INFO_COOKIE_NAME:
Replacement
Details included in earlier section.
Deprecation
It is already marked as deprecated.
Migration
No response
Additional Info
Additional notes:
DEPRECATED_LOGGED_IN_COOKIE_NAMES.
Note: This ticket used to be ARCH-245, which is what was used in the login cookie code comments.