ct_pointer_data becomes huge

Created on 28 June 2025, about 1 month ago

Problem/Motivation

If using a website with this module installed a lot, ct_pointer_data becomes huge, to a point of webserver returning 50x errors (500, 502, ...) due to a huge request header with this cookie inside.

Steps to reproduce

Install module, use website a lot, ct_pointer_data grows a few kb in size.

Proposed resolution

Limit size of ct_pointer_data, or add a parameter to be able to set max ct_pointer_data size, or add an option to disable mouse tracking.

๐Ÿ› Bug report
Status

Active

Version

9.6

Component

Code

Created by

๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @KlemenDEV
  • Hello klemendev.

    We suggest 2 ways to solve this:

    1. Enable alternative cookies in the plugin settings. The data will be stored in the site database. This will increase the load on the database.

    2. If the use of alternative cookies is unacceptable. We decided to exclude this cookie if the "Use CleanTalk JavaScript library" option is enabled. Please install the attached patch for this.

    Did it help?

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    We have "Use CleanTalk JavaScript library", so I will apply this patch and report back. Thank you for a quick reply and the patch :)

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    Tried the patch with "Use CleanTalk JavaScript library" checked, but

    ct_pointer_data

    the cookie was still generated. Tried in incognito and made sure to clear all caches. Enable alternative cookies in the plugin settings may not be an option for us as we have relatively high-traffic website, although, I can't really estimate an impact of this alternative cookies option

  • Please clarify, did you clear the cache not only the browser, but also the site?

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    Yes, "drush cr" and also in-UI "Performance -> Clear caches" and browser by going incognito.

    In Google Chrome dev tools in cookies list, ct_pointer_data was still created.

    "Use CleanTalk JavaScript library" is enabled, "Enable alternative cookies" is disabled, bot firewall setting is disabled too

  • ๐Ÿ‡ท๐Ÿ‡บRussia znaeff

    Hello,

    I will ask our developers about this. We will contact you within 2-3 business days.

    Thank you.

  • Hello.

    Judging by the frontend of your site, we suspect that either the patch was not installed correctly or some cache was not cleared. Please install the plugin with the patch from the attached archive.

    Any changes?

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    You currently don't see the patch because we did not want to leave the patch that did not work on the production site, so we removed it after unsuccessful testing.

    I am sure that the patch was applied correctly, but will do it again / install attached module zip later today.

    If the use of alternative cookies is unacceptable. We decided to exclude this cookie if the "Use CleanTalk JavaScript library" option is enabled. Please install the attached patch for this.

    Is this correct? Because looking at patch, only cleantalk_bot_detector and cleantalk_alternative_cookies_session parameters are checked, which we both have set to false on our production site.

  • ๐Ÿ‡บ๐Ÿ‡ธUnited States serge-m

    Thank you for your reply.
    I transferred your question to the programmer staff. Please, wait.

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    I have reapplied the patch back to the site, so your developers can check our frontend again. From my checks, it seems patch was applied but pointer data cookie is still created

  • ๐Ÿ‡ท๐Ÿ‡บRussia znaeff

    Hello,

    Please ensure the "Use CleanTalk JavaScript library" option (stored as cleantalk_bot_detector) is enabled. When this option is active, a frontend flag called ct_use_bot_detector will appear.

    If ct_use_bot_detector = 1, the cookie ct_pointer_data will be set upon page load but will not update via JavaScriptโ€”its value will remain 0. This directly addresses the reported concern regarding the oversized cookie. In this setup, actual mouse coordinates will be transmitted via frontend_data, bypassing the websiteโ€™s backend (and avoiding the cookie altogether).

    Did it help you?

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    "Use CleanTalk JavaScript library" is enabled on our website (checkbox is checked), and this patch ( https://www.drupal.org/files/issues/2025-06-30/skip_cookie_ct_pointer_da... โ†’ ) applied; however, we noticed that the size is still non-zero, and also grows significantly in some cases if moving the mouse and clicking a lot. It starts at size 16 and then grows.

    EDIT: I have noticed it only grows when logged in. If the user is anonymous, it remains at size 16

  • Thank you. Give us three days to check everything out.

  • ๐Ÿ‡บ๐Ÿ‡ธUnited States serge-m

    Hello,

    We tested the website from different browsers and devices, the cookie size ct_pointer_data was 0 each time.

    Please, clear all cache in:
    - your browser
    - your Drupal backend
    - your CDN

    If it didn't help, then please send us a video where:
    - you visit the website with visible browser console where the cookies are being monitored
    - run these commands in your browser consoles: ct_use_alt_cookies and ct_use_bot_detector
    - open in the browser console Sources โ†’ Page โ†’ top โ†’ YOUR_WEBSITE โ†’ sites/default/files โ†’ js โ†’ one of the bundles "js_"

    Thank you.

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    I can not send the video here. If needed, I can open a private ticket on your support pages to send it there.

    But with https://www.drupal.org/files/issues/2025-06-30/skip_cookie_ct_pointer_da... โ†’ applied and all caches possible cleaned, I can confirm this patch makes it so ct_pointer_data has value "0" all the time and Chrome shows constant size 16, which is acceptable.

    I have noticed it only happens if I log in to the website with admin account, so I guess this patch sort of fixes the issue for all users but admin.

    Still strange why on the logged in admin account, ct_pointer_data still grows without limits.

    Logged in or anonymous user, values are:

    * ct_use_alt_cookies is 0
    * ct_use_bot_detector is 1

  • ๐Ÿ‡บ๐Ÿ‡ธUnited States serge-m

    Yes, please, send your video via a private ticket:
    https://cleantalk.org/my/support/open

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    Opened ticket 49611

  • ๐Ÿ‡ธ๐Ÿ‡ฎSlovenia KlemenDEV

    Thanks to helpful support from the support team, we were able to pinpoint the issue to stubborn caches.

    I can confirm this fixes the cookie size at 16 bytes and value "0" which is fine and does not cause huge cookie issues.

    Marking RTBC, hopefully this patch makes it into the module release :)

  • ๐Ÿ‡ท๐Ÿ‡บRussia znaeff

    Thank you for your feedback! We are glad to know the issue is resolved.

Production build 0.71.5 2024