Agreement module ignores -1 frequency setting, requiring re-acceptance after ~1 year

Open on Drupal.org →

Created on 17 February 2025, about 2 months ago

Problem/Motivation

The Agreement module is configured with a Frequency setting of -1, meaning the agreement page should only be shown once to anonymous users. However, after accepting the agreement, the agreement_anon_default cookie is set with an expiration of ~1 year and 1 month instead of being permanent. This results in users having to re-accept the agreement after this period, which contradicts the expected behavior.

Configuration details:

Agreement page: /agreement
Roles: anonymous
Visibility Setting: Show on every page except the listed pages
Frequency: -1 (only once)

Observed behavior

After accepting the agreement, the agreement_anon_default cookie is set as follows:

agreement_anon_default: "1"
Created: "Mon, 17 Feb 2025 07:55:17 GMT"
[...]
Expires / Max-Age: "Tue, 24 Mar 2026 07:55:17 GMT"
[...]

This means that after 1 year + 1 month, the agreement page is displayed again, even though the setting explicitly states it should only appear once for anonymous users.

Expected behavior

If -1 is set in the frequency configuration, the agreement should never reappear for an anonymous user unless cookies are manually cleared. The expiration of the agreement_anon_default cookie should either be permanent or match the session cookie’s expiration to avoid inconsistencies.

Possible solution:

Ensure that when -1 is set, the agreement_anon_default cookie does not expire within a fixed timeframe.

🐛 Bug report

Status

Active

Version

3.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @7r3y
Comment about 2 months ago →
🇺🇸United States mradcliffe USA
Thank you for creating the issue.

I think a fix to 🐛 Checkbox not displayed when session cookie expires and Agreement page is shown again Active would probably resolve this as well.
Comment about 1 month ago →
🇺🇸United States mradcliffe USA
I'm not able to reproduce this. The agreement cookie is set to expire in 10 years when frequency is -1. It is not possible to set a permanent expiration on that cookie by specification so I set it to 10 years.

I do notice that the patch that was contributed for this feature does not set the frequency correctly for other frequency values for anonymous users. I may split that into a different issue.
Comment about 1 month ago →
7r3y
The Agreement module is configured with a Frequency setting of -1, meaning the agreement page should only be shown once to anonymous users. However, after accepting the agreement, the agreement_anon_default cookie is set with an expiration of ~1 year and 1 month instead of being permanent.

Video demo

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024