GDPR and the "galaxy-sticky" cookie


#1

MDG: In order to help me (and probably most Galaxy customers) improve compliance with the GDPR, can you please describe the purpose of the cookie named “galaxy-sticky”?

Thanks!


#2

Does the CDN section of the Galaxy docs help?


#3

Kind of…

I was hoping for a phrasing that was suitable for presentation to an end user, in the context of the GDPR. For example: the cookie a) helps the site run faster, or b) helps MDG reduce bandwidth costs, or whatever. Something that is true, complete, and easy for a layperson to understand (because GDPR, groan). Did I get it with a) or b)? If not, can you help?

(PS: The page has a typo at ‘you application’.)


#4

No, a) and b) aren’t quite accurate. The galaxy-sticky cookie is used for session affinity (otherwise known as “sticky sessions”). In a nutshell, it’s used to make sure that incoming requests that have already started a session with one container, continue to use that container for subsequent requests. It prevents subsequent requests from being sent to a different container (in a multi-container environment), that doesn’t have any knowledge of the previously created session. Heroku has a good explanation of session affinity here.

Thanks for the typo heads up - fixed!