Cookies
HTTP cookies are small bits of data set by a website or app and stored on the user’s computer while the user is browsing. ExpressionEngine uses a number of cookies to help create a nicer user experience, both for guests and logged in members.
Cookies that are necessary to the functioning
By default, ExpressionEngine cookies are prefixed with exp_, so the session cookie would be named exp_sessionid. However, the prefix can be configured in Security & Privacy.
Note: This should not be considered an exhaustive list of cookies that might be in use on a given site. Third party add-ons may have their own cookies and cookies may be set outside of ExpressionEngine entirely.
Basic Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| csrf_token | A security cookie used to identify the user and prevent Cross Site Request Forgery attacks. | 2 hours | Strictly Necessary |
| flash | Control panel user feedback messages, encrypted for security. | Session | Strictly Necessary |
| last_activity | Records the time of the last page load. Used in in calculating active sessions. | 360 days | Functionality |
| last_visit | Date of the user’s last visit, based on the last_activity cookie. Can be shown as a statistic for members and used by forum and comments to show unread topics for both members and guests. | 360 days | Functionality |
| remember | Determines whether a user is automatically logged in upon visiting the site. | 2 weeks | Strictly Necessary |
| sessionid | Session id, used to associate a logged in user with their data. | 1-2 hours | Strictly Necessary |
| visitor_consents | Saves responses to Consent requests for non-logged in visitors | 360 days | Strictly Necessary |
| anon | Determines whether the user’s username is displayed in the list of currently logged in members. | 2 weeks | Functionality |
| tracker | Contains the last 5 pages viewed, encrypted for security. Typically used for form or error message returns. | Session | Functionality |
| cp_last_site_id | MSM cookie indicating the last site accessed in the Control Panel. | Session | Functionality |
| viewtype | Indicates “thumb view” or “table view” for File Manager in Control Panel. | 360 days | Functionality |
| ee_cp_viewmode | Indicates whether “navigation-less” mode should be used in Control Panel. | 360 days | Functionality |
| collapsed_nav | Indicates whether main sidebar navigation in Control Panel should be collapased. | 360 days | Functionality |
Note: If you need to define how long the user will stay logged in for, you can change the lifetime of the remember cookie by copying system/ee/ExpressionEngine/Config/remember.php to /system/user/config/stopwords.php and changing the value of the remember_me_ttl property in that file.
Comment Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| my_email* | Email address specified when posting a comment. | 360 days | Functionality |
| my_location* | Location specified when posting a comment. | 360 days | Functionality |
| my_name* | Name specified when posting a comment. | 360 days | Functionality |
| my_url* | URL specified when posting a comment. | 360 days | Functionality |
| notify_me | If set to ‘yes’, notifications will be sent to the saved email address when new comments are made | Session | Functionality |
| save_info | If set to ‘yes’, allows additional cookies to store guest user information for use when filling out comment forms. This cookie is only set if you submit a comment. | Session | Functionality |
* Cookie is set only if the user opts in via the ‘save_info’ field.
Forum Cookies
| Name | Description | Expiration | Type |
|---|---|---|---|
| forum_theme | If multiple forum themes exist, this cookie allows the user to save their theme preference. | 360 days | Functionality |
| forum_topics | Tracks the id number for read topics, allows setting the ‘read’ status. Saved in the cookie for guests, the database for members. | 360 days | Functionality |