Cookie Usage in Web Applications

João Fino Frade

Discussion

This article was moved to an entry in the Support Knowledge Base. You can find the updated content at www.outsystems.com/goto/cookie-usage.

The original post was kept for reference reasons, but is no longer certified and should not be used as the reference material.

In compliance with directive 2009/136/EC of the European Parliament and of the Council, of 25.11.2009, users of web applications should be provided with clear and comprehensive information when engaging in an activity which results in storage of their information, such as cookies. Also, each country implements its own directives regarding this issue. You can find the official documentation here.

The remainder of this topic refers to Agile Platform version 5.0 and higher.

Cookies Usage

When someone visits a web application, a cookie is placed on the customer's machine (if the customer accepts cookies) or is read if the customer has previously visited the web application. Cookies are used to improve the usability of web applications, but can also be used for collecting metrics for generating visitor statistics, among others.

All applications developed with the Agile Platform use cookies to identify the user to improve the usability of the applications, for instance allowing automatic login into the applications or maintaining the pagination selected by the user.

Not Accepting Cookies

If you choose to not have your browser accept cookies from applications created with the Agile Platform, you will still be able to access screens of the application which do not require authentication and read their content. However, functionality may be limited. For applications created with the Agile Platform that require you to login with a username and password some or all functionalities may not be available if cookies are disabled.

Cookies Created

The following table describes the cookies used by the Agile Platform. Not only a list of cookies is described, but their detailed information such as size, duration and purpose.

Cookie	Approx Size (Bytes)	Expiration	Description
ASP.NET_SessionId	41	Session	This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application.
osVisitor	45	never	The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. No association with actual user identity(ies) is done by the OutSystems Platform.
osVisit	43	30 min	Each time the end-user accesses a web page and this cookie does not exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie is set to expire after 30 minutes, so that if the visitor leaves the web application and then returns 30 minutes later, a new visit session is started. No association with an actual user identity(ies) is done by the OutSystems Platform.
pageLoadedFromBrowserCache	30	Session	Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button they will not be shown the same feedback messages again.
<web screen name>:<generated id>: <initial tab>	46	Session	Some applications may use cookies with this naming convention to keep the pagination state in specific web pages.

This the list of the cookies created by default by the Agile Platform. Do not forget that your applications may explicitly implement additional cookies, and in such scenarios you need to disclose their purpose to the users.

Feel free to use this information on your own web site, or link directly to this topic.

02 Jan 2013

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.

See the full guidelines