Contrib.social

Agreement module ignores -1 frequency setting, requiring re-acceptance after ~1 year

Open on Drupal.org →
Created on 17 February 2025, 2 months ago

Problem/Motivation

The Agreement module is configured with a Frequency setting of -1, meaning the agreement page should only be shown once to anonymous users. However, after accepting the agreement, the agreement_anon_default cookie is set with an expiration of ~1 year and 1 month instead of being permanent. This results in users having to re-accept the agreement after this period, which contradicts the expected behavior.

Configuration details:

  • Agreement page: /agreement
  • Roles: anonymous
  • Visibility Setting: Show on every page except the listed pages
  • Frequency: -1 (only once)

Observed behavior

After accepting the agreement, the agreement_anon_default cookie is set as follows:

agreement_anon_default: "1"
Created: "Mon, 17 Feb 2025 07:55:17 GMT"
[...]
Expires / Max-Age: "Tue, 24 Mar 2026 07:55:17 GMT"
[...]

This means that after 1 year + 1 month, the agreement page is displayed again, even though the setting explicitly states it should only appear once for anonymous users.

Expected behavior

If -1 is set in the frequency configuration, the agreement should never reappear for an anonymous user unless cookies are manually cleared. The expiration of the agreement_anon_default cookie should either be permanent or match the session cookie’s expiration to avoid inconsistencies.

Possible solution:

Ensure that when -1 is set, the agreement_anon_default cookie does not expire within a fixed timeframe.

🐛 Bug report
Status

Active

Version

3.0

Component

Code

Created by

7r3y

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @7r3y
  • Comment 2 months ago
    🇺🇸United States mradcliffe USA

    Thank you for creating the issue.

    I think a fix to 🐛 Checkbox not displayed when session cookie expires and Agreement page is shown again Active would probably resolve this as well.

  • Comment about 2 months ago
    🇺🇸United States mradcliffe USA

    I'm not able to reproduce this. The agreement cookie is set to expire in 10 years when frequency is -1. It is not possible to set a permanent expiration on that cookie by specification so I set it to 10 years.

    I do notice that the patch that was contributed for this feature does not set the frequency correctly for other frequency values for anonymous users. I may split that into a different issue.

  • Comment about 2 months ago
    7r3y

    The Agreement module is configured with a Frequency setting of -1, meaning the agreement page should only be shown once to anonymous users. However, after accepting the agreement, the agreement_anon_default cookie is set with an expiration of ~1 year and 1 month instead of being permanent.

    Video demo

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024