List of cookies your forum may use:
- This cookie is the one that means you are logged in. Delete this cookie and you end your session. This format is just a convention. The
[your-site] is a string that represents your site and is assigned when your site is spun up. For this site the cookie name is
% is a random hash that gets assigned. For this rest of this document, assume that
- Cannot be opted out of.
- This token is anonymous and is used for CSRF protection.
- Cannot be opted out of.
- This token is anonymous and is used to track visits.
- Cannot be opted out of
- This token is used for Analytics tracking. EU users have their data anonymized by default.
- We store several pieces of information on this single cookie:
- Privacy Mode - A numeric flag, used to determine how much we anonymize a user's data when tracking analytics. This value is automatic, based on the detected country of origin.
- Session ID - A randomly-generated ID used to track signed-in-user activity. This value is reset between visits to the site.
- Secondary Session ID - A randomly-generated ID used to track events that could include guest data (e.g. page views).
- UUID - A randomly-generated ID used to uniquely identify the user. This ID can persist between site visits but only lives in the user's analytics cookie.
- Cannot be opted out of -- however, sites can disable Vanilla Advanced Analytics.
- This the Troll Management cookie. It is not anonymous and persists after logout. It's not used by anything except the Troll Management addon. It is only initially assigned when users log in and does not apply to users who remain guests.
- This is a randomly-generated ID we use to "fingerprint" users to determine if one user is utilizing multiple accounts on a community. It is not derived from any PII.
- Cannot be opted out of -- however, sites can disable the Troll Management addon.
- This is a "session" cookie (sid = session ID). The value maps to a row in Vanilla's Session table. This table is used to temporarily store information for a user. More often than not, this cookie is created as part of an SSO sign-in (although it can also make an appearance when users initiate the "forgot my password" workflow). Depending on the SSO method, Vanilla might need to "remember" some initial values to complete sign-in, after the user is redirected back to the site from the authentication provider
- This cookie serves the same purpose as
vf_[your-site]_% When you are on a forum that is part of a hub/node setup this cookie is set so that the various nodes "know" that you are logged into the hub.
- Cannot be opted-out of.
- Cloudflare uses 2 cookies, both named __cfduid. These live on:
- These are used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
- For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.
- Full description here: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-
- Another Cloudflare cookie related to rate limiting
- Basically, it makes sure that different users on the same network (sharing the same IP) doing requests to rate-limited URLs won't be counted as one user in order to avoid rate limiting issues.