Not a bug GDPR: Have to accept privacy policy/terms multiple times

[PaulB]

Affected version

1.5.20b

This is probably the same as https://xenforo.com/community/threa...e-have-to-accept-privacy-policy-twice.147733/, but I've included steps for reproducing it.

The user has to accept the privacy policy/terms once for each time the admins have forced users to accept the privacy policy/terms.

For example:

1. UserA doesn't visit the site for a while
2. Admin forces all users to accept privacy policy
3. Time passes
4. Admin changes privacy policy
5. Admin forces all users to accept privacy policy again
6. UserA returns to the site
7. UserA now has to accept the privacy policy twice

 

[Chris D]

It doesn't work like that and I cannot reproduce it with those steps.

The way the logic works is that we store the dates you last forced privacy and terms.

Each user record also has a record of the dates they last accepted the privacy and terms.

If the force date is greater than the user's last acceptance date, then they will be presented with the page to accept them.

With that logic, it doesn't matter if you re-force the terms/privacy hundreds of times. As soon as the user has accepted, their acceptance date is now greater than the last time it was forced and the page will no longer be displayed.

 

[PaulB]

Yeah, I'm seeing that looking at the code. I think I just got lucky with the correlation while testing. There must be something getting cached.

Either way, this seems to be an issue that multiple sites are encountering.

 

[PaulB]

Looks like it was an issue with how we were using Nginx's FastCGI cache.