Cookie name |
Purpose |
Expiry period |
APIKey |
Cookie use to call internal Javascript API calls to populate dropdowns in the filters |
Session |
ASP.NET_SessionId |
This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java) |
Session |
CookieAuth_APIKey |
Cookie used in the import async processes (Javascript API calls) |
Session |
DEVICES_TYPE |
Cookie used to determine which device type is accessing the app (phone, tablet, desktop etc.) |
360 days |
RT |
Contains redirect URL information for logout |
10 min |
<User Provider Name>.sid |
Used in conjunction with the Session Id cookie in order to prevent session fixation vulnerabilities |
Session |
osVisit |
Each time the end-user accesses a web page and this cookie doesn't exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie expires after 30 minutes, if the visitor leaves the web application and then returns 30 minutes later, a new session is started. No association with an actual user identity(ies) is done by OutSystems |
30 min |
osVisitor |
The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. No association with actual user identity(ies) is done by OutSystems |
Persistent |
pageLoadedFromBrowserCache |
Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button, they won't be shown the same feedback messages again |
Session |
<web screen name>:<generated id>: <initial tab> |
Some applications may use cookies with this naming convention to keep the pagination state in specific web pages. |
Session |
<User Provider Name> |
Used by the Remember Login functionality in applications |
10 days |
nr1<User Provider Name> |
Used to enforce session expiration as needed. Contains information needed to ensure session authenticity |
Session |
nr2<User Provider Name> |
Provides information to the application code about the user identifier via the built-in function GetUserId. Contains information needed to avoid CSRF attacks |
Session |
DEVICE_ORIENTATION |
Used to store the orientation of the mobile device to allow OutSystems UI to implement the action GetDeviceOrientation properly. No association with an actual user identity(ies) is done by OutSystems |
360 days |
DEVICE_BROWSER |
Used to store the browser in use on the device to allow OutSystems UI to implement the action GetBrowser properly. No association with an actual user identity(ies) is done by OutSystems |
360 days |
DEVICE_OS |
Used to store the device's operating system allowing OutSystems UI to to implement the action GetOS properly. No association with an actual user identity(ies) is done by OutSystems |
360 days |