Cookies used by Sitecore

Current version: 10.3

Sitecore Experience Platform issues cookies to website visitors and client users. The following tables describe the purpose of each cookie and link to configuration options where applicable.

Note

For a list of the cookies used by the Sitecore Content Hub, see Cookie usage.

Sitecore visitor cookies

The following cookies can be issued to website visitors:

Cookie name

Description

Configuration options

sxa_site

Functional cookie. Stores the name of the context site. Used by the Sitecore Experience Accelerator for wireframe images.

Sample value: docsite

privacy-notification

Used by the Sitecore Experience Accelerator only. Expiry is set to 1 year.

Used by SXA privacy component.

Note

The privacy component only sets a cookie - it does not disable tracking or any other forms of processing if consent is revoked.

sc_test_combination

Used by the Experience Optimization feature to store information about the test variant used on the current page.

SC_ANALYTICS_GLOBAL_COOKIE

Sitecore's analytics cookie. Stores an ID that represents the device (issued by Sitecore) and a true/false value indicating whether visitor classification was guessed (robot or not robot). Used by the tracker to identify a returning contact. Only issued if tracking is enabled.

Sample value: 26c532a61c5247719cc8b68b0c41f7e4|False

Note

Customization is required to disable tracking on a per-visitor basis and prevent Sitecore from creating the cookie.

Configure cookie lifetime

SC_TRACKING_CONSENT

Sitecore's tracking consent cookie. Available in Sitecore 10 and later.

Enable or disable web tracking based on visitor consent

ASP.NET_SessionId

The default ASP.NET session ID cookie.

Configured on the sessionState element in web.config.

__RequestVerificationToken

The default ASP.NET anti-XSRF cookie.

{website}#lang

Stores context language of the current site.

Sample value: docsite#en

SXA Storefront cookies

See Privacy and consent with SXA Storefront.

Sitecore client user cookies

The following cookies are issued to users of the Sitecore client interfaces (for example, the Experience Editor):

Cookie name

Description

.aspnet.cookies

Authentication cookie. Set for Sitecore client users if you use Sitecore.Owin.Authentication.

.aspnet.cookies.preview

Authentication cookie. Set for Sitecore client users in Preview mode if you use Sitecore.Owin.Authentication.

sc_rotated_simulator_id

Used by device preview mode.

sc_simulator_id

Used by device preview mode.

sc_date

Used by Experience Editor for previewing and setting date and time in Editor Mode.

sc_pview_shuser

Preview Shell User Cookie used when accessing the shell site during preview.

sc_rte_shuser

RTE Shell User Cookie used to set up Editor.

scContentEditorFolders

State of the “Content tree” option (check box), located on the ribbon of Content Editor.

scContentEditorFoldersWidth

Width of the content tree panel in the Content Editor. Appears after resizing by a user.

lang

Usually refers to Sitecore item’s language or Sitecore client language.

fileDownloadToken{...}

Used for the file upload/download interface. For internal use only.

messageLanguage

Preserves the selected language for a message. For internal use only.

{website}#lang

Sitecore’s client language.

{website}#sc_mode

Used by Experience Editor to indicate Edit, Preview, or Normal mode.

{website}#sc_date

Used by Experience Editor to set or get the value from the Date or DateTime field.

{website}#sc_debug

Used by Experience Editor to indicate Debug mode.

{website}#sc_prof

Used by Experience Editor to enable or disable profiling.

{website}#sc_rb

Used by Experience Editor to enable or disable borders.

{website}#sc_ri

Used by Experience Editor to enable or disable Sitecore Information.

{website}#sc_trace

Used by Experience Editor to enable or disable Sitecore Trace.

.ASPXAUTH

Default authentication cookie if you do not use Sitecore.Owin.Authentication.

sitecore_userticket

Sitecore license assumes a limited number of concurrent users (tickets). Sitecore keeps track of every user logged in to the system and assigns a Sitecore user ticket to each.

sitecore_starturl

Start page URL for the Shell site.

__CSRFCOOKIE

Protection against cross-site request forgery (CSRF) attacks.

sc_fv

Shockwave Flash version.

sc_last_page_mode_command

Used by Experience Editor to indicate last page mode.

experienceeditor_deviceId

Used by Experience Editor, Cookie for Device Id-

sitecore_floatie_state

Position preferences of the Floatie form.

utcOffset

For internal use only.

Do you have some feedback for us?

If you have suggestions for improving this article,