Opened 6 years ago
Last modified 6 years ago
#44161 new enhancement
Expired session tokens need to be removed from database because GDPR
Reported by: | mechter | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.9.6 |
Component: | Privacy | Keywords: | 2nd-opinion |
Focuses: | | Cc: | |
Description
WordPress stores the IP address (which is considered personal information) as part of its session tokens in the usermeta table. When the session expires, GDPR would seem to require the IP address to be removed from the database, as there is no longer a reason to keep it.
There should be some kind of garbage collection that removes expired session tokens on a daily basis.
Change History (4)
This ticket was mentioned in Slack in #core-privacy by lakenh. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.
6 years ago
#4
6 years ago
@desrosj - I am inclined to agree with you philosophically here, and thanks for weighing in, though I think through a strict interpretation of IP data rules, @mechter might be right as it's part of the data that is recorded about a given user on a site. (Thanks for opening this ticket!)
Regarding this:
> There should be some kind of garbage collection that removes expired session tokens on a daily basis.
I think in some organizations that are really concerned, the idea of session management could be entirely disabled and this would be a reasonable option. That being said, I think it's useful for a user to review their login history with a given site.
Would totally love others to weigh in as well!
Hey @mechter, thanks for this ticket!
I am not sure that the IP should be erased automatically after a session expires. I would argue that it still holds a purpose, even for expired sessions. Say a user logs in and reviews their sessions. In my opinion, the IP address is important information because it helps the user confirm that a session rightfully belongs to them.
This also would be fairly difficult to accomplish, especially on sites with many users. Session data is stored in user meta on a per-user basis. This would require crawling through every user and checking every session in their meta key in some way.
I am inclined to close this as a wontfix, but I am going to leave this open for others to weigh in.
While reviewing this during this week's Privacy component office hours (transcript link above), it came to our attention that the session data, which could be considered personally identifiable, is not currently included in the data export. #45889 has been opened to tackle that.
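The daily garbage collection requested in the description, and the per-user crawl it would involve, sketched as an added example that is not part of the ticket or of WordPress core. It assumes the default user-meta session store (the `session_tokens` meta key); the `example_` hook and function names and the batch size are hypothetical.

```php
<?php
// Added example, not WordPress core code. Names prefixed example_ are hypothetical.

// Register a daily WP-Cron event that runs the purge.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( 'example_purge_expired_sessions' ) ) {
        wp_schedule_event( time(), 'daily', 'example_purge_expired_sessions' );
    }
} );
add_action( 'example_purge_expired_sessions', 'example_purge_expired_sessions' );

// Keep only sessions that have not expired. A session is normally an array
// with an 'expiration' timestamp (next to 'ip', 'ua', 'login'); the legacy
// format is a bare integer expiration.
function example_live_sessions( array $sessions, $now ) {
    return array_filter( $sessions, function ( $session ) use ( $now ) {
        $expiration = is_array( $session )
            ? ( isset( $session['expiration'] ) ? (int) $session['expiration'] : 0 )
            : (int) $session;
        return $expiration >= $now;
    } );
}

function example_purge_expired_sessions() {
    global $wpdb;
    $now     = time();
    $batch   = 200; // constructed batch size
    $last_id = 0;
    do {
        // Keyset pagination: deleting rows mid-run cannot shift later pages.
        $user_ids = $wpdb->get_col( $wpdb->prepare(
            "SELECT DISTINCT user_id FROM {$wpdb->usermeta}
             WHERE meta_key = 'session_tokens' AND user_id > %d
             ORDER BY user_id ASC LIMIT %d",
            $last_id, $batch
        ) );
        foreach ( $user_ids as $user_id ) {
            $last_id  = (int) $user_id;
            $sessions = get_user_meta( $last_id, 'session_tokens', true );
            if ( ! is_array( $sessions ) ) { continue; }
            $live = example_live_sessions( $sessions, $now );
            if ( empty( $live ) ) {
                delete_user_meta( $last_id, 'session_tokens' ); // drops the stored IPs too
            } elseif ( count( $live ) < count( $sessions ) ) {
                update_user_meta( $last_id, 'session_tokens', $live );
            }
        }
    } while ( count( $user_ids ) === $batch );
}
```

Only users that still have a `session_tokens` row are visited, so the cost scales with users who have logged in rather than with the whole user table.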