Document Tree
Document Properties
Kbid
29583E
Last Modified
10-Mar-2025
Added to KB
29-Jul-2020
Public Access
Everyone
Status
Online
Doc Type
Concepts
Product
  • ICM 12
  • ICM 13
HomeKnowledge Base29583E
Share this document
Concept - GDPR Cookie Content

Table of Contents

Introduction

This concept is intended for developers who want to learn more about the contents of Intershop's cookies.

References

Cookie Content

All cookie configurations can be adjusted to meet the privacy and security needs of our customers.

The following table lists all cookies used in the standard product. Please note that customization of Intershop Commerce Management may extend this list. In addition, optional features such as Google Tag Manager may introduce additional cookies that are not part of this document.

Name

Cookie

Content

Description

No User-Related Content

Expiration

HttpOnly

ReadOnly (cookie is never modified)

Secure

Same-Site

Optional

Session Cookie

sid

hash

  • Browser session identification

  • Allow switching HTTP and HTTPS 

  • Allow over login/logout

(tick)

session

(tick)

(tick)

(tick)

(tick)strict

(*)

(minus)

Authentication Cookie

SecureSessionID-<site-id>

user ref

  • Reference to authenticated user

(info) Contains reference to user

(tick) Does not contain login/password/name of user/addresses

depends on configuration value intershop.session.securetoken.cookie.maxage

(tick)

(tick)

(tick)

(tick)strict

(*)

(minus)

Personalization Cookie

pgid-<site-name>

hash

  • Hash of personalization information

  • Used to cache pages or snippets for users with same personalization information

(tick) Hash does not reference any user or user/customer group

session

(tick)

(tick)

(tick)

(tick)strict

(minus)

Basket Cookie

cc-<cart-id>

cart ref

  • References a cart for anonymous users

(info) Contains reference to cart

(tick) Does not contain login/password/name of user/addresses

depends on domain preference BasketLifetime

(tick)

(tick)

(tick)

(tick)strict

(minus)

A/B-Test Cookie

<configured-value>-<ab-test-id>

ab-test-group ref

  • Provides test-group-specific content (also for anonymous users)

(tick)

session

depends on configuration value intershop.abtest.cookie.httpOnly

(minus)

depends on configuration value
intershop.abtest.cookie.secure

(tick)strict

(info) Mandatory for feature

Recently Viewed Items

rvdata-<domain?>-products

product refs


(tick)

depends on domain preference RecentlyViewedItemsLifetime

depends on configuration value
intershop.basket.cookie.httpOnly

(minus)

depends on configuration value
intershop.basket.cookie.secure

(tick)strict

(info) Mandatory for feature

REST API Bridge

apiToken

cart or user ref

  • Provides a functionality to switch between REST-based and HTML-based rendering

(info) Contains reference to user

depends on configuration value intershop.apitoken.cookie.maxage

(minus)

(tick)

depends on configuration value
intershop.apitoken.cookie.sslmode

(tick)strict

(info) Mandatory for feature

Display Switch

cookie_test

nothing

  • Used to show overlay information for users, which does not allow cookies at all

(tick)

session

(minus)

(tick)

(tick)

(tick)strict

Part of demo template Set CookiesDisabledOverlay.isml 

OpenID Connect State

oidc_state


actual OIDC state, organization name, identity provider id

  • Used to transfer some state between redirect to identity provider and back to ICM

  • Removed after redirection to ICM

  • Configurable using  intershop.authentication.oidc.stateCookieName

(info) Contains reference to user's organization

(tick) Does not contain login/password/name of user/addresses

session

(tick)

(tick)

(tick)

(tick)strict

(*)

(info) Mandatory for feature

The table contains the default values for cookies. See Guide - Secure URLs Only for information on using secure session and PGID cookies.

*) The SameSite value of the cookies marked with an asterisk in the list above can be configured since ICM 12.4.

Each of the appropriate configuration properties is defined as follows:

  • Type: enum string

  • Allowed values: strict, lax, none

  • Mandatory: false

  • Default value: lax

Cookie

Configuration Property Key

sid

with intershop.webadapter.enabled=true:

session.SIDCookie resp. session.SIDCookie.<siteName>

(this property requires a full HTTP header string)

otherwise:

intershop.webadapter.sessionId.cookie.sameSiteValue

SecureSessionID-<site-id>

intershop.session.securetoken.cookie.sameSiteValue

oidc_state

intershop.authentication.oidc.stateCookieSameSiteValue

Related to Cookie Data

Cookies are intended to reference data in the application (database). The access to the database is limited.

Cookie Stored Reference to Object

Referenceable Data in Database

user

shipping, billing addresses, login, orders, customer

cart

shipping, billing addresses

a/b test group

list of users/customers

Disclaimer
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Home
Knowledge Base
Product Releases
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to supportadmin@intershop.de if you experience login issues,
or if you want to register as customer.