centersl/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-03-26 13:28:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14096 from nextcloud/artonge/fix/cookies_description

Browse Source 
Improve the description of the cookies.
This commit is contained in:
Louis
2026-02-27 15:49:52 +01:00
committed by GitHub
parent 124b1a8fcf 427df6c5bc
commit 438f159c52
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
admin_manual/gdpr/cookies.rst
View File

@@ -13,20 +13,20 @@ Nextcloud only stores cookies needed for Nextcloud to work properly. All cookies
Cookies stored by Nextcloud
===========================
==================== ==================================== ================
Cookie Data Stored Lifetime
==================== ==================================== ================
Session cookie - session ID 24 minutes
- secret token (used to decrypt
the session on the server)
Same-site cookies no user-related data are stored, forever
all same-site cookies are the same
for all users on all Nextcloud
instances
Remember-me cookie - user id 15 days (can be
- original session id configured)
- remember token
==================== ==================================== ================
===================== ====================================== ============================== ================================= ============================= =======================================
Type Name Value Purpose Creation Lifetime
===================== ====================================== ============================== ================================= ============================= =======================================
Session cookie ``<instance_id>`` A random PHP session ID. | Used to identify the user At first load. At the end of the browser's session.
| on the server.
Session cookie ``oc_sessionPassphrase`` A random token. | Used to decrypt the session's At first load. At the end of the browser's session.
| data on the server.
Same-site cookies ``__Host-nc_sameSiteCookiestrict`` ``true`` See note below for the purpose. At first load. Forever.
Same-site cookies ``__Host-nc_sameSiteCookielax`` ``true`` See note below for the purpose. At first load. Forever.
Remember-me cookies - ``nc_username`` - The user id | At login if the | Defaults to 15 days.
- ``nc_token`` - A random remember me token | user selected the | Can be configured by setting:
- ``nc_session_id`` - The original session id | Remember-me checkbox. | ``remember_login_cookie_lifetime``.
Download helper ``ocDownloadStarted`` A random token. Help to manage file download. When a download is started. 20 seconds.
===================== ====================================== ============================== ================================= ============================= =======================================
The same-site cookies are used to determine how a request reaches the Nextcloud server. We use them to prevent CSRF attacks. No identifiable information is stored in those.
The rest of the cookies are strictly used to identify the user to the system.