Default cookie duration (20 years) in the config isn't in the spirit of the law

[Patapoof]

This is probably the most boring issue report I have written in my career, sorry about that.

The default config file sets a cookie duration of 20 years (365 x 20) days, which could put in trouble the people using this package. While GDPR (Recital 30, the ePrivacy Directive, etc.) don't specify a duration, various EU publications mention a reasonable duration of 12 months.

I'm aware of https://github.com/spatie/laravel-cookie-consent/issues/66, I feel this one is different, about changing a default value.

You should either put a more sane default duration (nobody will change that, right?), or change the default text to mention the duration. There are boring discussions out there about the importance of consent (you might be ok with 50 years, since the user did consent to this condition), but the problem is that the duration isn't mentioned by default.

I told you, boring stuff, but it's rather easy to be on the safe side and opt for a default of 365 days.