Cookies
HTTP cookies are small bits of data set by a website or app and stored on the user’s computer while the user is browsing. ExpressionEngine uses a number of cookies to help create a nicer user experience, both for guests and logged in members.
Cookies that are necessary to the functioning
By default, ExpressionEngine cookies are prefixed with exp_, so the session cookie would be named exp_sessionid. However, the prefix can be configured in Security & Privacy.
Note: This should not be considered an exhaustive list of cookies that might be in use on a given site. Third party addons may have their own cookies and cookies may be set outside of ExpressionEngine entirely.
Basic Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| anon | Determines whether the user’s username is displayed in the list of currently logged in members. | 1 year | Functionality |
| cp_last_site_id | MSM cookie indicating the last site accessed in the control panel. | Session | Strictly Necessary |
| csrf_token | A security cookie used to identify the user and prevent Cross Site Request Forgery attacks. | 2 hours | Strictly Necessary |
| flash | Control panel user feedback messages, encrypted for security. | 1 day | Strictly Necessary |
| last_activity | Records the time of the last page load. Used in in calculating active sessions. | 1 year | Strictly Necessary |
| last_visit | Date of the user’s last visit, based on the last_activity cookie. Can be shown as a statistic for members and used by forum and comments to show unread topics for both members and guests. | 1 year | Strictly Necessary |
| remember | Determines whether a user is automatically logged in upon visiting the site. | 2 weeks | Strictly Necessary |
| sessionid | Session id, used to associate a logged in user with their data. | 1-2 hours | Strictly Necessary |
| tracker | Contains the last 5 pages viewed, encrypted for security. Typically used for form or error message returns. | Session | Functionality |
| visitor_consents | Saves responses to Consent requests for non-logged in visitors | 1 year | Strictly Necessary |
Comment Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| my_email* | Email address specified when posting a comment. | 1 year | Functionality |
| my_location* | Location specified when posting a comment. | 1 year | Functionality |
| my_name* | Name specified when posting a comment. | 1 year | Functionality |
| my_url* | URL specified when posting a comment. | 1 year | Functionality |
| notify_me | If set to ‘yes’, notifications will be sent to the saved email address when new comments are made. | 1 year | Functionality |
| save_info | If set to ‘yes’, allows additional cookies to store guest user information for use when filling out comment forms. This cookie is only set if you submit a comment. | 1 year | Functionality |
* Cookie is set only if the user opts in via the ‘save_info’ field.
Forum Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| forum_theme | If multiple forum themes exist, this cookie allows the user to save their theme preference. | 1 year | Functionality |
| forum_topics | Tracks the id number for read topics, allows setting the ‘read’ status. Saved in the cookie for guests, the database for members. | 1 year | Functionality |