Details
-
Improvement
-
Resolution: Invalid
-
High
-
5.2
Description
The User Hash feature currently implemented in 5.2 uses all the cookies from the request for generation.
Some services, like analytics, change some of their cookies on every request (GA with _utmb for instance). This will cause the user hash to change very frequently.
To prevent this, a whitelist of cookies that can be used to generate the user hash (cache key) can be added.
Alternative: signed cookies (@AR))
Attachments
Issue Links
- relates to
-
EZP-21991 UserHash should be cached tied to user session id, not user cookies
- Closed