ExpressionEngine 1.x cookies ======================= This document outlines all of the cookies use by ExpressionEngine 1.x. With the [EU cookie law](http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx) coming into force on May 26th, it's important to know what cookies are set, which are 'essential' and why they are there. Hopefully this will help advise your decision process when altering your site to adhere. I haven't yet gotten to any special addons etc. or even forums or comments. Please do fork and and send pull requests if you'd care to add anything. Non essential ------------------------ ### exp_last_visit Sets the datetime that the user last visited the site, and is set for both guests and logged in users. If not set, is automatically set to 10 years ago. Affects guests and logged in users. ### exp_tracker Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc. Affects guests and logged in users. Essential ------------------------ ### exp_last_activity Every time the state is updated (the page reloaded) the last activity is set to the current datetime. Used to determine expiry. This is essential for logged in users, but not for guests - it is set for both. ### exp_sessionid A uniquely generated ID that corresponds to the `session_id` column in the `exp_session` table. Used when cookie and session are set as the session type. Used only for logged in members. ### exp_uniqueid Matches the `unique_id` field in the `exp_members` table. Randomly generated by the `FNS` class at registration. Used only for logged in members. ### exp_userhash The encrypted password of the currently logged in user. Set if you choose the cookies _and_ session ID method for sessions (`cs` in your config.) Used only for logged in members. ### exp_anon A flag set by the user to determine if they are listed in the online users. ### exp_expiration Determines the length of the session for a logged in user. There are two options for this cookie: if the user has selected _remember me_ then it is set to 1 year, and if not then it's set to the datetime that the user logged in. Used only for logged in members.