๐ Feature: Option to disable Cookies
mariusbolik opened this issue ยท 2 comments
๐ Feature description
You should add an option to disable cookies and use local storage instead.
// Init your Web SDK
const client = new Client();
client
.setEndpoint('http://localhost/v1') // Your Appwrite Endpoint
.setProject('455x34dfkj') // Your project ID
.useCookies(false)
;
๐ค Pitch
By providing an option to disable cookies and use local storage instead can help developers comply with EU data protection laws (GDPR), respect user privacy preferences, enhance privacy control, improve performance, and ensure cross-domain compatibility. By considering these factors, the SDK can offer a more versatile and privacy-conscious solution for web application development.
๐ Have you spent some time to check if this issue has been raised before?
- I checked and didn't find similar issue
๐ข Have you read the Code of Conduct?
- I have read the Code of Conduct
@mariusbolik I'm not an expert on GDPR, but one issue I see is session cookies. What does "disabling cookies" entail? All cookies? Non-essential cookies?
GDPR does not forbid the use of cookies; rather, it imposes regulations on how personal data, including data collected via cookies, must be handled. According to GDPR, any information that can be used to identify an individual directly or indirectly is considered personal data. This means that cookies, which can often be used to track individuals across websites and services, fall under the scope of GDPR.
Not all cookies are treated equally under GDPR. There's a distinction made between cookies that are strictly necessary for the operation of a site (often referred to as "functional cookies") and those that are not (such as tracking cookies used for targeted advertising). Functional cookies are essential for basic website functions and services, such as keeping a user logged in during a session or ensuring secure transactions. Because these cookies are considered necessary for the provision of the service explicitly requested by the user, they are generally allowed without requiring prior consent from the user.
The only cookie Appwrite sets for your end users is a cookie that stores the user session in order to know if the user is logged in or not.
and... yeh just for the sake of it, this is not a legal advice.