Concept - GDPR Cookie Content

Table of Contents

Product Version


Product To Version



The present concept is addressed to developers who want to learn more about Intershop's cookie content.


Cookie Content

In order to fulfill the privacy and data security requirements of our customers, all cookie configurations can be adapted to the need of the customer.

The following table contains all used cookies of the standard product. Please keep in mind that the customization of Intershop Commerce Management can extend this list. Additionally, optional features like Google Tag Manager can introduce additional cookies, these are not part of this document.

NameCookieContentDescriptionNo User-Related ContentSessionHostOnlyReadOnlySecureOptional
Session Cookiesidhash
  • Browser session identification
  • Allow switching http and https 
  • Allow over login/logout
Authentication CookieSecureSessionID-<site-id>user ref
  • Reference to authenticated user

(info) Contains reference to user

(tick) Does not contain login/password/name of user/addresses

Personalization Cookiepgid-<site-name>hash
  • Hash of personalization information
  • Used to cache pages or snippets for users with same personalization information
(tick) Hash does not reference any user or user/customer group(tick)(tick)(tick)(minus)(minus)
Basket Cookiecc-<cart-id>cart ref
  • References a cart for anonymous users

(info) Contains reference to cart

(tick) Does not contain login/password/name of user/addresses

A/B-Test Cookie<configured-value>-<ab-test-id>ab-test-group ref
  • Provides test-group-specific content (also for anonymous users)

(info) Mandatory for feature
Recently Viewed Itemsrvdata-<domain?>-productsproduct refs

(info) Mandatory for feature
REST API BridgeapiTokencart or user ref
  • Provides a functionality to switch between REST-based and HTML-based rendering

(info) Contains reference to user

(info) Contains reference to cart

(info) Mandatory for feature
Display Switch


  • Used to show overlay information for users, which does not allow cookies at all

Part of demo template Set CookiesDisabledOverlay.isml 
OpenID Connect State


actual oidc state, organization name, identity provider id
  • Used to transfer some state between redirect to identity provider and back to ICM
  • Removed after redirection to ICM
  • Configurable using  intershop.authentication.oidc.stateCookieName

(info) Contains reference to user's organization

(tick) Does not contain login/password/name of user/addresses

(tick)(info) Mandatory for feature

Related to Cookie Data

Cookies are intended to reference data in the application (database). The access to the database is limited.

Cookie Stored Reference to ObjectReferenceable Data in Database
usershipping, billing addresses, login, orders, customer
cartshipping, billing addresses
a/b test grouplist of users/customers

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources