cookie-lifetime-audit

Installation
SKILL.md

Auditing Cookie Lifetimes

Overview

Cookie lifetime is a critical compliance factor often overlooked in consent implementations. The CNIL recommends a maximum cookie lifetime of 13 months from the point of collection, after which consent must be renewed. The CJEU in Planet49 (Case C-673/17) established that cookie duration must be disclosed to users before consent is obtained. Additionally, browser-enforced restrictions — Safari's Intelligent Tracking Prevention (ITP), Firefox's Enhanced Tracking Protection (ETP), and Chrome's third-party cookie deprecation — impose technical limits on cookie lifetimes that may conflict with server-set durations. A cookie lifetime audit identifies cookies exceeding regulatory or technical limits and ensures accurate duration disclosure.

Cookie Duration Classification

Session vs. Persistent Cookies

Type Duration Behavior Consent Implications
Session cookie No Expires or Max-Age attribute Deleted when browser closes Still requires consent if non-essential under ePrivacy Art. 5(3)
Persistent cookie Has Expires or Max-Age Survives browser restart Requires consent; duration must be disclosed (Planet49)
Server-refreshed Reset on each visit via Set-Cookie Effectively indefinite if user visits regularly Duration is from last visit, not first set — must disclose rolling nature

Duration Categories

Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
cookie-lifetime-audit — mukul975/privacy-data-protection-skills