Cookies in Kentico CMS (Changes to the rules on using cookies)

This article deals with the necessity of the cookie information required by a new law on cookies in United Kingdom. Here you can find a list of cookies which are being used in Kentico CMS. For more info please see the following article which describes this regulation nicely: Cookie law makes most UK websites illegal: what you need to know.
The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device changed on 26 May 2011.
Please find the list below. Just a note, there are mentioned typical value types in the brackets. The expiration time which is being set for particular cookie is shown in the square brackets.
ASP.NET_SessionId - standard ASP.NET cookie containing the user's session ID.
ASPXFORMSAUTH (encrypted authentication ticket)[DateTime.Now.AddMinutes(timeOut/session.timeout) - where the timeout is the web.config parameter / DateTime.Now.AddYears(1) - if the Remember me checkbox is set on] - authentication ticket cookie.
CMSPreferredCulture (culture code)[DateTime.Now.AddYears(1)] - the user preferred culture.
CMSPreferredUICulture (culture code)[DateTime.Now.AddYears(1)] - the user preferred UI Culture.
ViewMode (int)[DateTime.Now.AddDays(1)] - different number value for the Design mode, Live site, etc.
VisitorStatus (int)[DateTime.Now.AddYears(1)] - sets the visitor status (unknown/first visit/more visits).
CurrentVisitStatus (int)[DateTime.Now.AddHours(23)] - current visit status (throughout current day).
PropertyTab (int)[DateTime.Now.AddDays(1)] - current property tab.
CMSShoppingCart (GUID)[DateTime.Now.AddYears(1)] - shopping cart GUID.
CMSMobileRedirected (true/false)[DateTimeHelper.ZERO_TIME] - sets the redirected cookie to see what device is being used.
CurrentTheme (current CSS stylesheet Name)[DateTime.Now.AddDays(1)] - current theme cookie.
Campaign (campaign string)[DateTime.Now.AddDays(1)] - User campaign reference.
UrlReferrer (url string)[DateTime.Now.AddDays(1)] - User URL referrer.
DisplayContentInDesignMode (true/false)[DateTime.Now.AddYears(1)] - If true, web part content should be displayed in design mode.
FormState (int - id)[DateTime.Now.AddMinutes(10)] - For a check if the form state needs to be restored.
VotedPolls (ints and pipes)[DateTime.Now.AddYears(1)] - content will be list of the poll codenames user already voted to; separated by pipes.
DocRated (ints and pipes)[DateTime.Now.AddYears(1)] - stores rated document IDs; separated by pipes.
PostAnswer (string and colon)[DateTime.Now.AddMonths(1)] - list of answers.
UserWords (strings with pipes)[DateTime.Now.AddMonths(1)] - stores user words for the SpellChecker; separated by pipes.
FACEBOOK (cookies are being set via the Facebook application): <apiKey> - value from the Settings in the Site Manager - Site Manager -> Settings -> Facebook Connect
<apiKey>_expires (hash)[at the end of relation] - When the current session expires. This is usually an hour or two after it's granted. If it's 0, then it means the session does not expire.
<apiKey>_session_key (hash)[at the end of relation] - The current session. This is used to make API requests.
<apiKey>_ss (hash)[at the end of relation] - The session secret. This prevents someone who knows your session key from using the session.
<apiKey>_user (hash)[at the end of relation] - The user ID of the currently logged in user.
<apiKey> (hash)[at the end of relation] - The signature, which will be generated from all other parameters.
fbsetting_<apiKey> (hash)[1day] - The last cookie is not related to the signature validation (which is why it does not start with the APIKEY prefix). It is used to cache the login state between page loads, so that the XFBML rendering does not have to wait for a round trip to Facebook before starting.
WINDOWS LIVE ID (cookies are being set via the application)
MSPAuth (hash)[the end of the relation]
MSPProf (hash)[the end of the relation]
(the complete list is based on the Windows Live ID application)
OPEN ID (cookies are being set via the application)
__openid_selector_uname (string)[1 year]
__openid_selector_op_id (int)[1 year]
__openid_selector_openid (string login URL)[1 year]

See also:

Applies to: 5.5R2
Share this article on   LinkedIn