New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DEPR]: Marketing site login and user info cookies #32343
Comments
Thanks for the announcement. @robrap I usually recommend this cookie to customers needing marketing site integration. I also need to check with @felipemontoya on the use of Marketing Site User Info cookie on customer sites. He'll respond to this ticket. Please keep this on hold until we get a definitive "no" from the eduNEXT folks. |
|
Thanks @robrap for organizing this DEPR. This cookie is used in the wordpress plugin for marketing site connections (https://wordpress.org/plugins/edunext-openedx-integrator/). I don't think we use all the information contained in the EDXMKTG_USER_INFO_COOKIE_NAME so I will look into reading this info from the JWT cookie. |
Thanks @felipemontoya. That's helpful context. The 2U marketing site already uses the auth JWT, but the user info cookie contains a lot of information that is not contained in the auth JWT. There is no agreed upon design, but my thoughts are captured in the original description around |
In case I haven't made this extremely clear, there should be no timeline concerns. Although "Redwood - 2024-04" was listed as the earliest removal, there is no rush on the full removal, and there is plenty of time to discuss how and if this work could be accomplished. |
Proposal Date
2023-06-15
Target Ticket Acceptance Date
2023-06-30
Earliest Open edX Named Release Without This Functionality
Redwood - 2024-04
Rationale
The following marketing site cookies were deprecated in code long ago, but they did not go through a DEPR process.
The 2U private marketing site is using these cookies, and is blocking removal. However, it is unknown at this time if anyone else in the community is using these cookies.
This would resolve potential security issues, login related bugs, performance and stability issues given that the user info cookie is ~1k, which is a large part of our cookie header size budget.
Removal
Copying details from ARCHBOM-1172...
Once the Marketing site is updated to use our new header component, we can remove:
EDXMKTG_LOGGED_IN_COOKIE_NAME
EDXMKTG_USER_INFO_COOKIE_NAME
Notes:
EDXMKTG_LOGGED_IN_COOKIE_NAME
has an existing alternative and simply should no longer be used. In place ofEDXMKTG_LOGGED_IN_COOKIE_NAME
, we should be using frontend-auth code from frontend-platform to determine if the user is authenticated and to get basic information on the user. (This happens to use JWT cookies behind the scenes, but that should be encapsulated away.)EDXMKTG_USER_INFO_COOKIE_NAME
, there is not yet an existing alternative.EDXMKTG_USER_INFO_COOKIE_NAME
:Replacement
Details included in earlier section.
Deprecation
It is already marked as deprecated.
Migration
No response
Additional Info
Additional notes:
DEPRECATED_LOGGED_IN_COOKIE_NAMES
.Note: This ticket used to be
ARCH-245`, which is what was used in the login cookie code comments.The text was updated successfully, but these errors were encountered: