Liferay Product Cookies

This guide indicates the Liferay products which generate cookies in order to assist Liferay administrators with data privacy compliance. Each entry should indicate the name, type, duration, and purpose. Any personal data which may also be included in the cookie should be indicated in this guide. If the personal data cell is blank then that cookie does not store any personal data.

The Cookie Category column uses the following categories as determined the GDPR. For a full description please visit https://gdpr.eu/cookies/

  • Strictly Necessary
  • Preference
  • Statistics
  • Marketing

 

Liferay DXP

Cookie name

Cookie class name/package

Short Description

Cookie Category

Cookie type (session or permanent cookie)

Retention time (life time) in case of permanent cookie

Personal Data in the cookie (PD)

ab_test_variant_id segments-experiment-web Stores the current experience served by A/B Testing to the user.

Marketing/

Personalization

Permanent cookie

CookieKeys.MAX_AGE

31536000

 

ac_client_user_id

analytics-client-js

Used to store the current DXP userId.

Marketing/

Personalization

Permanent cookie

1 YEAR userId
com.liferay.search.experiences.
web_addSXPElementSidebar
search-experiences-web

Determines if the Add Query Elements sidebar should be opened/closed while changing tabs in the Edit Blueprint page.

Preferences/

Functional

Session

   
com.liferay.search.experiences.
web_successMessage
search-experiences-web

Determines when to display a success message toast when saving a blueprint.

Preferences/

Functional

Session

   

COMMERCE_COMPARE_cpDefinition

Ids_ + commerceChannelGroupId

CPCompareContentDisplayContext

CPCompareContentMiniDisplayContext

CPCompareHelperImpl

Allows a user to compare products.

Functional

 

   
COMMERCE_CONTINUE_AS_GUEST CommerceOrderHttpHelperImpl

Allow a guest user to checkout an order as guest with no need to login.

Strictly necessary

Permanent

removed after usage

CookieKeys.MAX_AGE

31536000

 

CommerceOrder.class.getName() + StringPool.POUND + groupId

CommerceOrderHttpHelperImpl

LogoutPreAction

Allows a user to convert a guest order into a user's order after login.

Strictly necessary

Permanent

removed after usage

CookieKeys.MAX_AGE

31536000

 

CommerceOrder.class.getName() + StringPool.POUND + groupId PunchOutLoginPostAction

Stores PunchOut contextual order. Required for PunchOut functionality.

Strictly necessary

Session

-1

The cookie exists until 

the browser is shut down.

 
CommerceWishList.class.getName() + StringPool.POUND + groupId CommerceWishListHttpHelperImpl

Allows a guest user to make guest wishlist that eventually become the user wishlist.

Functional

Permanent

CookieKeys.MAX_AGE

31536000

 
COMPANY_ID

AuthenticatedSessionManagerImpl

BaseProfile

PortalInstances

Sets the previously accessed companyId

Strictly necessary

Session when rememberMe is disabled
Permanent when rememberMe is enabled

company.security.auto.
login.max.age=31536000
 
GUEST_LANGUAGE_ID LanguageImpl, PortalImpl, I18nFilter

Stores the language ID to use when a user's language ID is not available

Preferences/

Functional

Session

CookieKeys.MAX_AGE

31536000

 
ID

AuthenticatedSessionManagerImpl

BaseProfile

RememberMeAutoLogin

Sets an encrypted userId for the Remember Me functionality.

Strictly necessary

Session when Remember Me is disabled.
Permanent when Remember Me is enabled.

company.security.auto.
login.max.age=31536000
userId (encrypted)
JSESSIONID

SessionIdServletRequest

UserAccountResourceImpl

 

Strictly necessary

Session

-1

The cookie exists until 

the browser is shut down.

 

COOKIE_SUPPORT

CookiesManagerImpl

Used to determine if cookies can actually be saved to the browser.

Strictly necessary

Permanent cookie

CookieKeys.MAX_AGE

31536000

 
LFR_SESSION_STATE_ + userID frontend-js-aui-web

Manages session extension/invalidation when a user does not use “Remember Me” feature

Strictly necessary

Session

  userId (not encrypted), in cookie name
liferay.cookie.consent site-initializer-masterclass

Determines if a user has consented to the use of cookies through the fragment.

Preferences/

Functional

Permanent cookie

   
liferay.cookie.consent fragment-collection-contributor-cookie-banner

Determines if a user has consented to the use of cookies through the fragment.

Preferences/

Functional

Permanent cookie

   
LOGIN

AuthenticatedSessionManagerImpl

BaseProfile

LoginUtil

 

Functional

 

   
OAUTH2_REMEMBER_DEVICE_ AuthorizationCodeGrantServiceRegistrator

Determines if a user can skip the OAuth 2 authorization flow while using the same device where the user was previously authorized.

Functional

Session

   
PASSWORD

AuthenticatedSessionManagerImpl

BaseProfile

RememberMeAutoLogin

 

Functional

 

   
REMEMBER_ME

AuthenticatedSessionManagerImpl

BaseProfile

DDMFormDisplayContext

session_timeout.jspf

Determines if a user has previous used the Remember Me functionality. A user can skip authentication from the same device where the user previously authenticated.

Functional

Permanent

company.security.auto.
login.max.age=31536000
 
SAML_SP_SESSION_KEY

BaseProfile

KeepAliveSPPortalDynamicInclude

WebSsoProfileImpl

Enables the DXP SAML SP to participate in SAML SLO (Single Log Out)

Functional

Session

-1

The cookie exists until 

the browser is shut down.

 
SAML_SSO_SESSION_ID

BaseProfile

KeepAliveStrutsAction

SamlIdpSsoFilter

WebSsoAutoLogin

WebSsoProfileImpl

Enabled the SAML IDP SSO session to have a longer lifetime than the user’s HttpSession with that IDP. The cookie causes new authenticated HttpSessions to be automatically created on demand.

Functional

Session

-1

The cookie exists until 

the browser is shut down.

 
UserLogin AuthenticatedSessionManagerImpl

Determines the login age when a the Remember Me functionality is used.

Functional

Permanent

company.security.auto.
login.max.age=31536000
UserLogin
UserPassword AuthenticatedSessionManagerImpl

Sets an encrypted userPassword in order to reauthenticate a user after an initial authentication where the Remember Me functionality is performed.

Functional

Permanent company.security.auto.
login.max.age=31536000

User

Password (Encrypted)

userTokenName com.liferay.portal.security.sso.
token.configuration

Determines if a user can stay logged in if token SSO authorization flow is configured.

Functional

Session

   

 

Liferay Analytics Cloud

Cookie name

Cookie class name/package

Short Description

Cookie category

Cookie type (session or permanent cookie)

Retention time (life time in case of permanent cookie)

Personal Data in the cookie (PD)

activeWorkspaceId

 

Determines the current workspace in order to generate a chat session using the correct Help Center organization.

Preferences/

Functional

permanent

Forever (local storage)

 

maintenanceSeen

 

Determines if a server maintenance message should be displayed to the user based on whether the user has dismissed it or not.

Preferences/

Functional

permanent

Forever (local storage)

 

sidebar

 

Determine if the sidebar should be open/closed based on the user’s last session.

Preferences/

Functional

permanent

Forever (local storage)

 

subscriptions

 

Determines the current workspace subscription in order to generate a chat session using the correct Help Center organization.

Preferences/

Functional

permanent

Forever (local storage)

 

ac_client_user_id

analytics-client-js

Stores the current userId from AC to track user.
Stores the current user's Analytics Cloud user ID so guest users can be tracked by Analytics Cloud as anonymous individuals and properly segmented.

Statistics/

Performance

permanent

Forever (local storage)

UserID

ac_client_identity

analytics-client-js

Stores the logged-in user ID, which can be empty or a SHA-256 hash generated with the email and userId, for Known Individual data.
Stores the current user's Analytics Cloud user ID (SHA-256 hash generated with the user's email and userId) so users with accounts can be tracked by Analytics Cloud as known individuals.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_client_channel

analytics-client-js

Stores the Channel ID of the current website the user is accessing
Stores the Channel ID of the current website the user is accessing to send to Analytics Cloud.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_message_queue_identity

analytics-client-js

Stores identities that have not yet been sent to the server. It can be an empty array or a queue of identities
Stores an array of identities that haven't yet been sent to Analytics Cloud so they can be sent when possible.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_client_storage_version

analytics-client-js

Stores the current version of internal storage settings

Statistics/

Performance

permanent

Forever (local storage)

 

ac_client_context

analytics-client-js

Stores a group of properties that can be page or user properties. Each event submission uses the context to send information to the server
Stores a list of page and user properties to send to Analytics Cloud so event analysis can have necessary context.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_client_batch

analytics-client-js

Stores a list of IDs to ensure that duplicate events are not sent to the backend.
Stores a list of the session's event IDs to avoid sending duplicate events to Analytics Cloud.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_message_queue

analytics-client-js

Stores events that have not yet been sent to the server. It can be an empty array or an event queue.
Stores an array of events that haven't yet been sent to Analytics Cloud so they can be sent when possible.

Statistics/

Performance

permanent

Forever (local storage)

 

ac_client_previous_email_

address_hash

analytics-client-js

Stores the email ID of the logged in user, which can be empty or an SHA-256 cryptographic hash, it is used to identify whether the last logged in user is the same as the previous user and also assign the events of anonymous browsing to the user who just logged in to log in.
Stores the email ID of the last user to log in (SHA-256 hash) to identify whether the last user to log in is the same as the previous user and assign events from current session's anonymous browsing to this user.

Statistics/

Performance

permanent

Forever (local storage)

 

Liferay Cloud Console

Cookie name

Cookie class name/package

Short Description

Cookie category

Cookie type (session or permanent cookie)

Retention time (life time) in case of permanent cookie

Personal Data in the cookie (PD)

acess_token

JWT

Identifies the logged in user in the cloud console and cloud admin

Strictly necessary

session

session time

 

connect.sid

JWT

Identifies a single session in Express Server (backend)

Strictly necessary

session

session time

 

_hjSessionUser

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Set when a user first lands on a page

Statistics

permanent

1 year

 

_hjIncludedInPageviewSample

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool

Statistics

permanent

30 min

 

_hjSession

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Holds current session data

Statistics

permanent

30 min

 

_hjFirstSeen

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool - Identifies a new user’s first session

Statistics

session

session duration

 

_hjIncludedInSessionSample

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool

Statistics

permanent

30 min

 

_hjAbsoluteSessionInProgress

 

Generated by hotjar (https://www.hotjar.com/ ) - online behavior analysis tool

Statistics

permanent

30 min

 

_gid

 

Generated by Google Analytics

Statistics

permanent

1 day

 

_ga

 

Generated by Google Analytics

Statistics

permanent

2 years

 

_gat_gtag_UA_*

 

Generated by Google Analytics

Statistics

permanent

1 min

 

__zlcmid

 

Generated by Zendesk to identify a users session

Statistics

 

 

 

SERVER_ID

 

Generated by the Webserver Service

Strictly necessary

session

 

 

 

Was this article helpful?
0 out of 0 found this helpful