This topic describes the cookies used by Episerver CMS.
How it works
Cookies are used for various types of website tracking, for example browser sessions.
Episerver CMS uses the following cookies:
|ASP.NET_SessionId||Strictly necessary. Session cookie sent to the web browser. Used when you open the browser and go to a website that implements ASP.NET session state. Required to identify requests from the same browser during a limited session time window when browsing the website.This cookie is deleted when you close your browser.|
|EPi:NumberOfVisits||Functionality-related. Stores the number of times you access pages on the site to allow personalization of content based on the frequency the site content is viewed. Used with the Number of Visits personalization criterion. This cookie is not set if you remove it from all of your visitor groups. Persistent (1 year from creation).|
|.EPiServerLogin, EPiDPCKEY, .ASPXRoles||Strictly necessary. Only used if you log in to a website. You should clearly state on the login page that cookies are used if you log in. Allows for login/access and permissions when using the CMS interface. This cookie is deleted when you close your browser.|
|__epiXSRF & __RequestVerificationToken & __RequestVerificationToken||Strictly necessary. Used by the Episerver security components. Protects the user against cross-site request forgery (XSRF). Used only by the CMS UI. This cookie is deleted when you close your browser.|
|ImageEditorFileSize||Used by the Image Editor.|
|_utma, _utmb, _utmc, _utmz||Google Analytics cookies that are commonly used on Episerver websites. These third-party cookies are used to collect information about how visitors use the website.|
Protecting visitors' privacy
According to EU directives, website owners are responsible for informing visitors about cookies used on the site. See Protecting Your Visitors’ Privacy According to EU Directive on Cookies.
Last updated: Oct 27, 2016