Concept - GDPR Cookie Content

Introduction

This concept is intended for developers who want to learn more about the contents of Intershop's cookies.

References

Cookie Content

All cookie configurations can be adjusted to meet the privacy and security needs of our customers.

The following table lists all cookies used in the standard product. Please note that customization of Intershop Commerce Management may extend this list. In addition, optional features such as Google Tag Manager may introduce additional cookies that are not part of this document.

Name	Cookie	Content	Description	No User-Related Content	Expiration	HttpOnly	Secure	Same-Site	Optional
Session Cookie	sid	hash	Browser session identification Allow switching HTTP and HTTPS Allow over login/logout		session			`strict`
Authentication Cookie	SecureSessionID-<site-id>	user ref	Reference to authenticated user	Contains reference to user Does not contain login/password/name of user/addresses	depends on configuration value `intershop.session.securetoken.cookie.maxage`			`strict`
Personalization Cookie	pgid-<site-name>	hash	Hash of personalization information Used to cache pages or snippets for users with same personalization information	Hash does not reference any user or user/customer group	session			`strict`
Basket Cookie	cc-<cart-id>	cart ref	References a cart for anonymous users	Contains reference to cart Does not contain login/password/name of user/addresses	depends on domain preference `BasketLifetime`			`strict`
A/B-Test Cookie	<configured-value>-<ab-test-id>	ab-test-group ref	Provides test-group-specific content (also for anonymous users)		session	depends on configuration value `intershop.abtest.cookie.httpOnly`	depends on configuration value `intershop.abtest.cookie.secure`	`strict`	Mandatory for feature
Recently Viewed Items	rvdata-<domain?>-products	product refs			depends on domain preference `RecentlyViewedItemsLifetime`	depends on configuration value `intershop.basket.cookie.httpOnly`	depends on configuration value `intershop.basket.cookie.secure`	`strict`	Mandatory for feature
REST API Bridge	apiToken	cart or user ref	Provides a functionality to switch between REST-based and HTML-based rendering	Contains reference to user	depends on configuration value `intershop.apitoken.cookie.maxage`		depends on configuration value `intershop.apitoken.cookie.sslmode`	`strict`	Mandatory for feature
Display Switch	cookie_test	nothing	Used to show overlay information for users, which does not allow cookies at all		session			`strict`	Part of demo template Set CookiesDisabledOverlay.isml
OpenID Connect State	oidc_state	actual OIDC state, organization name, identity provider id	Used to transfer some state between redirect to identity provider and back to ICM Removed after redirection to ICM Configurable using `intershop.authentication.oidc.stateCookieName`	Contains reference to user's organization Does not contain login/password/name of user/addresses	session			`strict`	Mandatory for feature

The table contains the default values for cookies, see Guide - Secure URLs Only to use secure session and PGID cookies.

Related to Cookie Data

Cookies are intended to reference data in the application (database). The access to the database is limited.

Cookie Stored Reference to Object	Referenceable Data in Database
user	shipping, billing addresses, login, orders, customer
cart	shipping, billing addresses
a/b test group	list of users/customers

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Table of Contents

Introduction

References

Cookie Content

Related to Cookie Data