From 427df6c5bc62e0a93870cf0b928622e3ac7ac273 Mon Sep 17 00:00:00 2001 From: Louis Chmn Date: Fri, 27 Feb 2026 11:30:28 +0100 Subject: [PATCH] fix: Improve the description of the cookies. Signed-off-by: Louis Chmn --- admin_manual/gdpr/cookies.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/admin_manual/gdpr/cookies.rst b/admin_manual/gdpr/cookies.rst index 74d34163a..c73bd3a08 100644 --- a/admin_manual/gdpr/cookies.rst +++ b/admin_manual/gdpr/cookies.rst @@ -13,20 +13,20 @@ Nextcloud only stores cookies needed for Nextcloud to work properly. All cookies Cookies stored by Nextcloud =========================== -==================== ==================================== ================ - Cookie Data Stored Lifetime -==================== ==================================== ================ - Session cookie - session ID 24 minutes - - secret token (used to decrypt - the session on the server) - Same-site cookies no user-related data are stored, forever - all same-site cookies are the same - for all users on all Nextcloud - instances - Remember-me cookie - user id 15 days (can be - - original session id configured) - - remember token -==================== ==================================== ================ +===================== ====================================== ============================== ================================= ============================= ======================================= + Type Name Value Purpose Creation Lifetime +===================== ====================================== ============================== ================================= ============================= ======================================= + Session cookie ```` A random PHP session ID. | Used to identify the user At first load. At the end of the browser's session. + | on the server. + Session cookie ``oc_sessionPassphrase`` A random token. | Used to decrypt the session's At first load. At the end of the browser's session. + | data on the server. + Same-site cookies ``__Host-nc_sameSiteCookiestrict`` ``true`` See note below for the purpose. At first load. Forever. + Same-site cookies ``__Host-nc_sameSiteCookielax`` ``true`` See note below for the purpose. At first load. Forever. + Remember-me cookies - ``nc_username`` - The user id | At login if the | Defaults to 15 days. + - ``nc_token`` - A random remember me token | user selected the | Can be configured by setting: + - ``nc_session_id`` - The original session id | Remember-me checkbox. | ``remember_login_cookie_lifetime``. + Download helper ``ocDownloadStarted`` A random token. Help to manage file download. When a download is started. 20 seconds. +===================== ====================================== ============================== ================================= ============================= ======================================= The same-site cookies are used to determine how a request reaches the Nextcloud server. We use them to prevent CSRF attacks. No identifiable information is stored in those. The rest of the cookies are strictly used to identify the user to the system.