Contrib.social

Set the maximum cache duration

Open on Drupal.org →
Created on 11 September 2024, 2 months ago

Problem/Motivation

The module makes it possible to use caches that are not deleted by a cache rebuild. There is no automatic deletion routine, so that personal data can be stored permanently, which is a violation of the GDPR.

Proposed resolution

Set a default deletion period of 14 days, which can be overwritten in the backend or in the config. In the set() and setMultiple() functions, the $expire parameter must be checked and adjusted accordingly.

Remaining tasks

Write code and tests.

User interface changes

Add form item for maximum lifetime.

API changes

Introduce maximum lifetime.

Data model changes

no.

Feature request
Status

Active

Version

3.2

Component

Code

Created by

🇩🇪Germany jan kellermann

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @jan kellermann
  • Comment 2 months ago
    🇮🇳India nikunjkotecha India, Gujarat, Rajkot

    Hi Jan,

    Setting expiration time of cache is available out of the box, any reason we should not use that?

    This module only provides way to cache data, it doesn't decide whether the data is product for commerce or customer information. In my opion it is upto the dev team to use it as per the requirements and make sure any compliance is maintained.

    Drupal CORE uses garbageCollection to removed expired entries which is not overridden. Meaning, if the custom code ensures cache expiration time is set to 14 days instead of -1 it will be removed automatically.

  • Comment 2 months ago
    🇩🇪Germany jan kellermann

    Thank you for the clarification. For the GarbargeCollector to take effect, a deletion duration must be specified - and this is not the case by default. This is not a problem with the standard caches, as a CR is performed regularly anyway.

    We have to evaluate the software for our customers according to data protection aspects. And Article 25 GDPR as well as the relevant sections of ISO 31700 demand privacy by design / privacy be default so that personal data cannot be inadvertently processed (in this case: stored) improperly.

    With a configurable maximum value, this module would meet these criteria.

    We would like to create a merge request for this, as we want to use the module for our customers.

  • Comment 2 months ago
    🇮🇳India nikunjkotecha India, Gujarat, Rajkot

    Thanks Jan.

    privacy by design / privacy be default

    I belive this is enough to say we should have a config. However it should be applied only if required. Meaning, by default there should not be any limit but only if a configuration is enabled it would set the expiration time, only if it is not already set (even if it is set to 15 days and configuration is 10 days it should stay 15 days).

    In the PR I would expect
    * New configuration in the module to allow setting this expiration, default value 0
    * Config form to set the value in hours
    * Override the cache set function and set the default value for $expire to null
    * if it is NULL, set the default if available in config, if not available set it still to Cache::PERMANENT
    * Call parent function

    This is very high level, feel free to modify based on issues you encounter while implementing. Only thing is the function in the class should only set expire if it is NULL and it should not copy/paste code, call parent instead

    Lastly, please update tests.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024