Agreement module ignores -1 frequency setting, requiring re-acceptance after ~1 year

Created on 17 February 2025, about 2 months ago

Problem/Motivation

The Agreement module is configured with a Frequency setting of -1, meaning the agreement page should only be shown once to anonymous users. However, after accepting the agreement, the agreement_anon_default cookie is set with an expiration of ~1 year and 1 month instead of being permanent. This results in users having to re-accept the agreement after this period, which contradicts the expected behavior.

Configuration details:

  • Agreement page: /agreement
  • Roles: anonymous
  • Visibility Setting: Show on every page except the listed pages
  • Frequency: -1 (only once)

Observed behavior

After accepting the agreement, the agreement_anon_default cookie is set as follows:

agreement_anon_default: "1"
Created: "Mon, 17 Feb 2025 07:55:17 GMT"
[...]
Expires / Max-Age: "Tue, 24 Mar 2026 07:55:17 GMT"
[...]

This means that after 1 year + 1 month, the agreement page is displayed again, even though the setting explicitly states it should only appear once for anonymous users.

Expected behavior

If -1 is set in the frequency configuration, the agreement should never reappear for an anonymous user unless cookies are manually cleared. The expiration of the agreement_anon_default cookie should either be permanent or match the session cookie’s expiration to avoid inconsistencies.

Possible solution:

Ensure that when -1 is set, the agreement_anon_default cookie does not expire within a fixed timeframe.

🐛 Bug report
Status

Active

Version

3.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024