undefined | Better HN

0 pointsthe_mitsuhiko2y ago0 comments

The ePrivacy directive is not that descriptive. The use of this cookie is fine as per legal review.

All our forms have the same CSRF protection, that goes for login and other things too.

0 comments

I really don't see how a duration of one year and Same-Site=Lax on the sentry-sc cookie passed legal review, but perhaps your legal team is comfortable with a more aggressive approach than I'm used to.

the_mitsuhikoOP2y ago

The purpose and functionality of the cookie is what matters, not the duration.

jefftk2y ago

The duration is part of the functionality. In interpreting the e-Privacy directive a general principle is that durations should not be longer than required to implement the required functionality. If you read through https://ec.europa.eu/justice/article-29/documentation/opinio... you'll see lots of discussion of appropriate durations.

1 more reply

j / k navigate · click thread line to collapse

0 pointsthe_mitsuhiko2y ago0 comments

The ePrivacy directive is not that descriptive. The use of this cookie is fine as per legal review.

All our forms have the same CSRF protection, that goes for login and other things too.

0 comments

jefftk2y ago

the_mitsuhikoOP2y ago

The purpose and functionality of the cookie is what matters, not the duration.

jefftk2y ago

1 more reply

j / k navigate · click thread line to collapse