Extend expiry of user benefits cookies to 30 days #3285
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tjmw
added a commit
to guardian/support-frontend
that referenced
this pull request
Dec 2, 2025
The cookie which tracks when to refresh benefits cookies is reduced to 1 day, like everywhere else. This is part of a wider change to benefits cookie expiration to fix an issue where signed-in users with ad free benefits who didn't visit the site for time period would sometimes see ads on their first returning pageview. This change makes this less likely to happen by extending the expiration of user benefits cookies. This is due to a race condition between the user benefits refresh and the ads code. However, we don't want to delay ads until after the user benefits have been refreshed as that would impact performance. So instead, extend the expiry of the cookie. See also: guardian/frontend#28352 guardian/dotcom-rendering#14810 guardian/gateway#3285
Previouly they were short lived (1-2 days) but this resulted in edge cases where if a signed in user didn't visit the site for more than a couple of days, when they returned their first page view wouldn't reflect their benefits (i.e. they would see ads). This is due to a race condition between the user benefits refresh and the ads code. However, we don't want to delay ads until after the user benefits have been refreshed as that would impact performance. So instead, extend the expiry of the cookie. Note: this may result in a user getting benefits they no longer have on the first returning pageview, but this will be correct from the second page view onwards. We think this is OK.
tjmw
force-pushed
the
tw/extend-benefits-cookie-expiration
branch
from
4f9ce1a to
30d6160
Compare
The gu_user_benefits_expiry cookie should keep a 1 day expiry. The actual benefits cookies extend to 30 days.
akinsola-guardian
approved these changes
Dec 4, 2025
rupertbates
approved these changes
Dec 4, 2025
Member
rupertbates
left a comment
rupertbates
left a comment
There was a problem hiding this comment.
Nice, well done for updating the comment
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this change?
This PR extends the expiration of all user benefits cookies to 30 days -
GU_AF1,gu_allow_reject_all,gu_hide_support_messaging. The cookie which tracks when the other cookies need refreshing (gu_user_benefits_expiry) continue to have an expiry of 1 day.Previously these cookies were short lived (1-2 days) but this resulted in edge cases where if a signed in user didn't visit the site for more than a couple of days, when they returned their first page view wouldn't reflect their benefits (i.e. they would see ads). This is due to a race condition between the user benefits refresh and the ads code. However, we don't want to delay ads until after the user benefits have been refreshed as that would impact performance. So instead, extend the expiry of the cookie.
Note: this may result in a user getting benefits they no longer have on the first returning pageview, but this will be correct from the second page view onwards. We think this is OK.
See also:
guardian/frontend#28352
guardian/dotcom-rendering#14810
guardian/support-frontend#7559
How to test
Sign in and inspect expiration of user benefits cookies (tested in CODE).
How can we measure success?
Fewer complaints from signed-in supporters about seeing ads.
Have we considered potential risks?
It shouldn't result in any noticable changes for signed in users - other than a better experience in the scenario described above. We'll still refresh the cookies daily ensuring users are only getting the benefits they're entitled to.