My client is asking to remove all non-essential cookies. After searching for an hour, I can’t find a way to do that through the CP (setting “Website Session type” to “Session ID” still sets those cookies: ‘exp_csrf_token’, ‘exp_last_activity’, ‘exp_last_visit’, ‘exp_tracker’). I’m not sure why some of those are “strictly necessary” (per EE documentation), but at least I’d like to avoid the other two not functionally required cookies.
Please!!!
Hi Pirco
There’s been a conversation on Slack about removing cookies like these where possible.
exp_last_activity and exp_last_visit do get used in various places, though whether they are strictly necessary is open to interpretation. They don’t contain any personal info.
exp_tracker should only really be set when view tracking is enabled IMHO. This one might be a bug or just something that needs tweaking in the core. Again, no personal info is stored in the cookie.
exp_csrf_token is security related, so it is very essential; without it you could expose your site to attack.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.