Cookie name | Purpose | Expiry Period |
csrf_tin | This cookie is related to the CSRF token, which is used to prevent CSRF attacks. Tokens are attached to the form in a hidden field and sent on submission. The website verifies the CSRF token on every request. | 1 Day |
cookie_consent | To store the cookie consent of the user | 2 Days |
Cookie name | Purpose | Expiry Period |
_ga | Google Analytics cookie. Used to distinguish users | 2 Years |
_ga_* | Google Analytics cookie. Used to persist session state | 2 Years |
Cookie name | Purpose | Expiry period |
APIKey | Cookie used to make internal JavaScript API calls to populate dropdowns in the filters | Session |
ASP.NET_SessionId | This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java) | Session |
CookieAuth_APIKey | Cookie used in the import async processes (JavaScript API calls) | Session |
DEVICES_TYPE | Used to store the type of mobile device in use to allow OutSystems UI to adjust the interface. No association with an actual user identity(ies) is done by OutSystems. | 360 days |
RT | Used to calculate load time information collected for LifeTime Analytics. The cookie will only be present if the application has Monitoring turned on (in LifeTime Analytics). No association with an actual user identity(ies) is done by OutSystems. | 10 min |
<User Provider Name>.sid | Used in conjunction with the Session Id cookie in order to prevent session fixation vulnerabilities | Session |
osVisit | Each time the end-user accesses a web page and this cookie doesn't exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie expires after 30 minutes; if the visitor leaves the web application and then returns 30 minutes later, a new session is started. No association with an actual user identity(ies) is done by OutSystems | 30 min |
osVisitor | The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. No association with actual user identity(ies) is done by OutSystems | Persistent |
pageLoadedFromBrowserCache | Ensures that, in pages where a feedback message is displayed, if the user clicks the back button, they won't be shown the same feedback messages again. This cookie is required to ensure the correct behaviour of apps. | Session |
<web screen name>:<generated id>: <initial tab> | Some applications may use cookies with this naming convention to keep the pagination state in specific web pages. | Session |
<User Provider Name> | Used by the Remember Login functionality in applications | 10 days |
nr1<User Provider Name> | Used to enforce session expiration as needed. Contains information needed to ensure session authenticity | Session |
nr2<User Provider Name> | Provides information to the application code about the user identifier via the built-in function GetUserId. Contains information needed to avoid CSRF attacks | Session |
DEVICE_ORIENTATION | Used to store the orientation of the mobile device to allow OutSystems UI to implement the action GetDeviceOrientation properly. No association with an actual user identity(ies) is done by OutSystems | 360 days |
DEVICE_BROWSER | Used to store the browser in use on the device to allow OutSystems UI to implement the action GetBrowser properly. No association with an actual user identity(ies) is done by OutSystems | 360 days |
DEVICE_OS | Used to store the device's operating system allowing OutSystems UI to implement the action GetOS properly. No association with an actual user identity(ies) is done by OutSystems | 360 days |
Cookie name | Purpose | Expiry period |
CloudFront-Signature | A hashed, signed, and base64-encoded version of a JSON policy statement | Maximum 1 hour or until session persists |
CloudFront-Key-Pair-Id | The public key ID tells CloudFront which public key to use to validate the signed URL. CloudFront compares the information in the signature with the information in the policy statement to verify that the URL has not been tampered with | Maximum 1 hour or until session persists |
CloudFront-Policy | The policy statement controls the access that a signed cookie grants to a user. It includes, for example, the files that the user can access, an expiration date and time | Maximum 1 hour or until session persists |
vpc-token | Stores the actual token that is used to log into the site | Maximum 1 hour or until session persists |
vpc-token-is-set | Validates if the stored token is still valid | Expires immediately if a login fails or otherwise after 7 days |
If you use a smartphone, you can usually prevent cross-site tracking and block cookies in the settings section on your device. You may also be able to visit websites without leaving a history by turning private browsing on. You should visit the support section of the website of your device for more information on how to do this.