UserAgent cookie GDPR compliance
Currently, Zitadel uses two cookies:
- zitadel.csrf
- zitadel.useragent
We understand that the zitadel.csrf cookie is required to ensure a secure login flow. However, the second cookie appears to be used for session storage.
Are you considering this cookie to be required or functional? If it is functional (i.e., optional), it should be possible to prevent its creation to ensure Zitadel remains GDPR compliant.
Could you please clarify this for us? (Perhaps you classify this cookie as required.)
Thank you!
- zitadel.csrf
- zitadel.useragent
We understand that the zitadel.csrf cookie is required to ensure a secure login flow. However, the second cookie appears to be used for session storage.
Are you considering this cookie to be required or functional? If it is functional (i.e., optional), it should be possible to prevent its creation to ensure Zitadel remains GDPR compliant.
Could you please clarify this for us? (Perhaps you classify this cookie as required.)
Thank you!
