UserAgent cookie GDPR compliance
Currently, Zitadel uses two cookies:
- zitadel.csrf
- zitadel.useragent
We understand that the zitadel.csrf cookie is required to ensure a secure login flow. However, the second cookie appears to be used for session storage.
Are you considering this cookie to be required or functional? If it is functional (i.e., optional), it should be possible to prevent its creation to ensure Zitadel remains GDPR compliant.
Could you please clarify this for us? (Perhaps you classify this cookie as required.)
Thank you!
4 Replies
Can anyone from the Zitadel team help me here, just to clear things up?
Hey @TomasP! Thanks for reaching out. Let me escalate this internally to get you some more context on whether this cookie is required or optional, and I'll get back to you as soon as possible. ☺️
Are you currently using your own custom login or are you using our out-of-the-box login?
We are using the out-of-the-box Zitadel login UI.
Hi, any updates on the cookie situation?
Hey @TomasP, based on internal discussion, when using our login it’s needed.