Cookies
This article explains the types of cookies Strivacity sets in browsers, including their purposes and how long they remain active.
| Name | Purpose | Duration |
|---|---|---|
| __Secure-IeYyraekl2- | A secure cookie that identifies the login flow. Its value is a unique identifier (UUIDv4) that represents a login flow session. postfix: The first 7 characters of the client ID. | Session |
| __Secure-IeYyraekl2-admin | A secure cookie that identifies an Admin Console login session. | Session |
| __Secure-SimpleLogin | A secure cookie that identifies a Simple API login session. | Session |
| oauth2authentication_csrf | This cookie is used to prevent Cross-Site Request Forgery (CSRF) attacks during the authentication process. | 30 minutes |
| oauth2consent_csrf | Similar to the oauth2_authentication_csrf cookie, this one is used to prevent CSRF attacks during the consent process. | 30 minutes |
| DAUTHS | A per-device login session identifier that refers to the server-side stored session data. | 30 minutes |
| SESSION | This cookie stores a unique session identifier that the application and the user's browser use to maintain the session state across multiple requests. This cookie is used by Admin Console (AC) and Self-Service Portal (MyAccount) applications. | 1 year |
| OSESSION | Similar to the SESSION cookie, used by Organization Portal applications. | Session |
The default value for login session max age is 5 minutes, but it can be configured in the admin console under Applications > General > Login Session Max Age.
Updated 7 months ago