Cookies
HTTP cookies are small bits of data set by a website or app and stored on the user’s computer while the user is browsing. ExpressionEngine uses a number of cookies to help create a nicer user experience, both for guests and logged in members.
Cookies that are necessary to the functioning
By default, ExpressionEngine cookies are prefixed with exp_
, so the session cookie would be named exp_sessionid
. However, the prefix can be configured in Security & Privacy.
Note: This should not be considered an exhaustive list of cookies that might be in use on a given site. Third party addons may have their own cookies and cookies may be set outside of ExpressionEngine entirely.
Basic Cookies
Name | Description | Expiration | Type |
---|---|---|---|
anon | Determines whether the user’s username is displayed in the list of currently logged in members. | 1 year | Functionality |
cp_last_site_id | MSM cookie indicating the last site accessed in the control panel. | Session | Strictly Necessary |
csrf_token | A security cookie used to identify the user and prevent Cross Site Request Forgery attacks. | 2 hours | Strictly Necessary |
flash | Control panel user feedback messages, encrypted for security. | 1 day | Strictly Necessary |
last_activity | Records the time of the last page load. Used in in calculating active sessions. | 1 year | Strictly Necessary |
last_visit | Date of the user’s last visit, based on the last_activity cookie. Can be shown as a statistic for members and used by forum and comments to show unread topics for both members and guests. | 1 year | Strictly Necessary |
remember | Determines whether a user is automatically logged in upon visiting the site. | 2 weeks | Strictly Necessary |
sessionid | Session id, used to associate a logged in user with their data. | 1-2 hours | Strictly Necessary |
tracker | Contains the last 5 pages viewed, encrypted for security. Typically used for form or error message returns. | Session | Functionality |
visitor_consents | Saves responses to Consent requests for non-logged in visitors | 1 year | Strictly Necessary |
Comment Cookies
Name | Description | Expiration | Type |
---|---|---|---|
my_email* | Email address specified when posting a comment. | 1 year | Functionality |
my_location* | Location specified when posting a comment. | 1 year | Functionality |
my_name* | Name specified when posting a comment. | 1 year | Functionality |
my_url* | URL specified when posting a comment. | 1 year | Functionality |
notify_me | If set to ‘yes’, notifications will be sent to the saved email address when new comments are made. | 1 year | Functionality |
save_info | If set to ‘yes’, allows additional cookies to store guest user information for use when filling out comment forms. This cookie is only set if you submit a comment. | 1 year | Functionality |
* Cookie is set only if the user opts in via the ‘save_info’ field.
Forum Cookies
Name | Description | Expiration | Type |
---|---|---|---|
forum_theme | If multiple forum themes exist, this cookie allows the user to save their theme preference. | 1 year | Functionality |
forum_topics | Tracks the id number for read topics, allows setting the ‘read’ status. Saved in the cookie for guests, the database for members. | 1 year | Functionality |