This guide indicates the Liferay products which generate cookies in order to assist Liferay administrators with data privacy compliance. Each entry should indicate the name, type, duration, and purpose. Any personal data which may also be included in the cookie should be indicated in this guide. If the personal data cell is blank then that cookie does not store any personal data.
The Cookie Category column uses the following categories as determined the GDPR. For a full description please visit https://gdpr.eu/cookies/
- Strictly Necessary
- Preference
- Statistics
- Marketing
Liferay DXP
Cookie name |
Cookie class name/package |
Short Description |
Cookie Category |
Cookie type (session or permanent cookie) |
Retention time (life time) in case of permanent cookie |
Personal Data in the cookie (PD) |
---|---|---|---|---|---|---|
ab_test_variant_id |
segments-experiment-web |
Stores the current experience served by A/B Testing to the user. |
Marketing/ Personalization |
Permanent cookie |
|
|
|
analytics-client-js |
Used to store the current DXP userId. |
Marketing/ Personalization |
Permanent cookie |
1 YEAR | userId |
com.liferay.search.experiences .web_addSXPElementSidebar
|
search-experiences-web |
Determines if the Add Query Elements sidebar should be opened/closed while changing tabs in the Edit Blueprint page. |
Preferences/ Functional |
Session |
||
com.liferay.search.experiences .web_successMessage
|
search-experiences-web |
Determines when to display a success message toast when saving a blueprint. |
Preferences/ Functional |
Session |
||
|
|
Allows a user to compare products. |
Functional |
|
||
COMMERCE_CONTINUE_AS_GUEST |
CommerceOrderHttpHelperImpl |
Allow a guest user to checkout an order as guest with no need to login. |
Strictly necessary |
Permanent removed after usage |
|
|
CommerceOrder.class.getName() + StringPool.POUND + groupId |
|
Allows a user to convert a guest order into a user's order after login. |
Strictly necessary |
Permanent removed after usage |
|
|
CommerceOrder.class.getName() + StringPool.POUND + groupId |
PunchOutLoginPostAction |
Stores PunchOut contextual order. Required for PunchOut functionality. |
Strictly necessary |
Session |
-1 The cookie exists until the browser is shut down. |
|
CommerceWishList.class.getName() + StringPool.POUND + groupId |
CommerceWishListHttpHelperImpl |
Allows a guest user to make guest wishlist that eventually become the user wishlist. |
Functional |
Permanent |
|
|
COMPANY_ID |
|
Sets the previously accessed companyId |
Strictly necessary |
Session when rememberMe is disabled |
company.security.auto .login.max.age=31536000
|
|
GUEST_LANGUAGE_ID |
LanguageImpl , PortalImpl , I18nFilter |
Stores the language ID to use when a user's language ID is not available |
Preferences/ Functional |
Session |
|
|
ID |
|
Sets an encrypted userId for the Remember Me functionality. |
Strictly necessary |
Session when Remember Me is disabled. |
company.security.auto .login.max.age=31536000
|
userId (encrypted) |
JSESSIONID |
|
|
Strictly necessary |
Session |
-1 The cookie exists until the browser is shut down. |
|
|
|
Used to determine if cookies can actually be saved to the browser. |
Strictly necessary |
Permanent cookie |
|
|
LFR_SESSION_STATE_ + userID |
frontend-js-aui-web |
Manages session extension/invalidation when a user does not use “Remember Me” feature |
Strictly necessary |
Session |
userId (not encrypted), in cookie name |
|
liferay.cookie.consent |
site-initializer-masterclass |
Determines if a user has consented to the use of cookies through the fragment. |
Preferences/ Functional |
Permanent cookie |
||
liferay.cookie.consent |
fragment-collection-contributor-cookie-banner |
Determines if a user has consented to the use of cookies through the fragment. |
Preferences/ Functional |
Permanent cookie |
||
LOGIN |
|
|
Functional |
|
||
OAUTH2_REMEMBER_DEVICE_ |
AuthorizationCodeGrantServiceRegistrator |
Determines if a user can skip the OAuth 2 authorization flow while using the same device where the user was previously authorized. |
Functional |
Session |
||
PASSWORD |
|
|
Functional |
|
||
REMEMBER_ME |
|
Determines if a user has previous used the Remember Me functionality. A user can skip authentication from the same device where the user previously authenticated. |
Functional |
Permanent |
company.security.auto .login.max.age=31536000
|
|
SAML_SP_SESSION_KEY |
|
Enables the DXP SAML SP to participate in SAML SLO (Single Log Out) |
Functional |
Session |
-1 The cookie exists until the browser is shut down. |
|
SAML_SSO_SESSION_ID |
|
Enabled the SAML IDP SSO session to have a longer lifetime than the user’s HttpSession with that IDP. The cookie causes new authenticated HttpSessions to be automatically created on demand. |
Functional |
Session |
-1 The cookie exists until the browser is shut down. |
|
UserLogin |
AuthenticatedSessionManagerImpl |
Determines the login age when a the Remember Me functionality is used. |
Functional |
Permanent |
company.security.auto .login.max.age=31536000
|
UserLogin |
UserPassword |
AuthenticatedSessionManagerImpl |
Sets an encrypted userPassword in order to reauthenticate a user after an initial authentication where the Remember Me functionality is performed. |
Functional |
Permanent |
company.security.auto .login.max.age=31536000
|
|
userTokenName |
com.liferay.portal.security.sso .token.configuration
|
Determines if a user can stay logged in if token SSO authorization flow is configured. |
Functional |
Session |
Liferay Analytics Cloud
Cookie name |
Cookie class name/package |
Short Description |
Cookie category |
Cookie type (session or permanent cookie) |
Retention time (life time in case of permanent cookie) |
Personal Data in the cookie (PD) |
---|---|---|---|---|---|---|
|
|
Determines the current workspace in order to generate a chat session using the correct Help Center organization. |
Preferences/ Functional |
permanent |
Forever (local storage) |
|
|
|
Determines if a server maintenance message should be displayed to the user based on whether the user has dismissed it or not. |
Preferences/ Functional |
permanent |
Forever (local storage) |
|
|
|
Determine if the sidebar should be open/closed based on the user’s last session. |
Preferences/ Functional |
permanent |
Forever (local storage) |
|
|
|
Determines the current workspace subscription in order to generate a chat session using the correct Help Center organization. |
Preferences/ Functional |
permanent |
Forever (local storage) |
|
|
analytics-client-js |
Stores the current userId from AC to track user. |
Statistics/ Performance |
permanent |
Forever (local storage) |
UserID |
|
|
Stores the logged-in user ID, which can be empty or a SHA-256 hash generated with the email and userId, for Known Individual data. |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores the Channel ID of the current website the user is accessing |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores identities that have not yet been sent to the server. It can be an empty array or a queue of identities |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores the current version of internal storage settings |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores a group of properties that can be page or user properties. Each event submission uses the context to send information to the server |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores a list of IDs to ensure that duplicate events are not sent to the backend. |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores events that have not yet been sent to the server. It can be an empty array or an event queue. |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
|
|
Stores the email ID of the logged in user, which can be empty or an SHA-256 cryptographic hash, it is used to identify whether the last logged in user is the same as the previous user and also assign the events of anonymous browsing to the user who just logged in to log in. |
Statistics/ Performance |
permanent |
Forever (local storage) |
|
Liferay Cloud Console
Cookie name |
Cookie class name/package |
Short Description |
Cookie category |
Cookie type (session or permanent cookie) |
Retention time (life time) in case of permanent cookie |
Personal Data in the cookie (PD) |
---|---|---|---|---|---|---|
|
|
Identifies the logged in user in the cloud console and cloud admin |
Strictly necessary |
session |
session time |
|
|
|
Identifies a single session in Express Server (backend) |
Strictly necessary |
session |
session time |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Set when a user first lands on a page |
Statistics |
permanent |
1 year |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool |
Statistics |
permanent |
30 min |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Holds current session data |
Statistics |
permanent |
30 min |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Identifies a new user’s first session |
Statistics |
session |
session duration |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool |
Statistics |
permanent |
30 min |
|
|
|
Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool |
Statistics |
permanent |
30 min |
|
|
|
Generated by Google Analytics |
Statistics |
permanent |
1 day |
|
|
|
Generated by Google Analytics |
Statistics |
permanent |
2 years |
|
|
|
Generated by Google Analytics |
Statistics |
permanent |
1 min |
|
|
|
Generated by Zendesk to identify a users session |
Statistics |
|
|
|
|
|
Generated by the Webserver Service |
Strictly necessary |
session |
|
|