Our website is built with Craft CMS, here you can find default cookies Craft CMS uses and some context into what they’re used for.
Craft relies on PHP sessions to maintain sessions across web requests. That is done via the PHP session cookie. Craft names that cookie “CraftSessionId” by default, but it can be renamed via the phpSessionName config setting. This cookie will expire as soon as the session expires.
Control Panel Authentication
When you log into the control panel, you’ll get an authentication cookie used to maintain your authenticated state. The cookie name is prefixed with a long, randomly generated string, followed by _identity. The cookie only stores information necessary to maintain a secure, authenticated session and will only exist for as long as the user is authenticated in Craft.
If the enableCsrfProtection and enableCsrfCookie config settings are enabled, then a cookie named CRAFT_CSRF_TOKEN will be created to facilitate CSRF protection. It can be changed via the csrfTokenName config setting and will expire as soon as the PHP session expires.
Remembering Username on Login Duration
If the rememberUsernameDuration config setting is set to anything besides 0, a cookie will be created with a name that is prefixed with a long, randomly generated string, followed by _username. That cookie will exist for the given duration to remember the username on the login form.
Craft Cookies and GDPR
For GDPR purposes, please note that Craft’s default cookies do not collect any personal or sensitive information. Craft’s default cookies do not collect IP addresses. The information they store is not sent to Pixel & Tonic or any third parties.
Craft’s default cookies are only used to communicate with your Craft installation for the purposes of user authentication, form validation/security, and basic web application operations.