HTTP cookies are small bits of data set by a website or app and stored on the user’s computer while the user is browsing. ExpressionEngine uses a number of cookies to help create a nicer user experience, both for guests and logged in members.
Cookies that are necessary to the functioning
By default, ExpressionEngine cookies are prefixed with
exp_, so the session cookie would be named ‘exp_sessionid’. However, the prefix can be configured in Security & Privacy.
This should not be considered an exhaustive list of cookies that might be in use on a given site. Third party addons may have their own cookies and cookies may be set outside of ExpressionEngine entirely.
|anon||Determines whether the user’s username is displayed in the list of currently logged in members.||1 year||Functionality|
|cp_last_site_id||MSM cookie indicating the last site accessed in the control panel.||Session||Strictly Necessary|
|csrf_token||A security cookie used to identify the user and prevent Cross Site Request Forgery attacks.||2 hours||Strictly Necessary|
|flash||Control panel user feedback messages, encrypted for security.||1 day||Strictly Necessary|
|last_activity||Records the time of the last page load. Used in conjunction with the last_visit cookie.||1 year||Strictly Necessary|
|last_visit||Date of the user’s last visit. Can be shown as a statistic for members and used by the forum to show unread topics for both members and guests.||1 year||Strictly Necessary|
|remember||Determines whether a user is automatically logged in upon visiting the site.||2 weeks||Strictly Necessary|
|sessionid||Session id, used to associate a logged in user with their data.||1-2 hours||Strictly Necessary|
|tracker||Contains the last 5 pages viewed, encrypted for security. Typically used for form or error message returns.||Session||Functionality|
|visitor_consents||Saves responses to Consent requests for non-logged in visitors||1 year||Strictly Necessary|
|my_email*||Email address specified when posting a comment.||1 year||Functionality|
|my_location*||Location specified when posting a comment.||1 year||Functionality|
|my_name*||Name specified when posting a comment.||1 year||Functionality|
|my_url*||URL specified when posting a comment.||1 year||Functionality|
|notify_me||If set to ‘yes’, notifications will be sent to the saved email address when new comments are made.||1 year||Functionality|
|save_info||If set to ‘yes’, allows additional cookies to store guest user information for use when filling out comment forms. This cookie is only set if you submit a comment.||1 year||Functionality|
- Cookie is set only if the user opts in via the ‘save_info’ field.
|forum_theme||If multiple forum themes exist, this cookie allows the user to save their theme preference.||1 year||Functionality|
|forum_topics||Tracks the id number for read topics, allows setting the ‘read’ status. Saved in the cookie for guests, the database for members.||1 year||Functionality|