We use Google Analytics software to collect information about how you use the site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.
Google Analytics stores information about:
We don’t collect or store your personal information (for example your name or address) so this information can’t be used to identify who you are.
We don’t allow Google to use or share our analytics data.
Google Analytics sets the following cookies:
| Name | Purpose | Expires |
|---|---|---|
| _ga | This helps us count how many people visit by tracking if you’ve visited before | 2 years |
| _gid | This helps us count how many people visit by tracking if you’ve visited before | 24 hours |
| Name | Purpose | Expires |
|---|---|---|
| AspNetCore.Antiforgery | (Two cookies) ASP.NET core, anti-forgery. Prevents cross-site request forgery (also known as XSRF or CSRF) which is an common attack against web apps that store authentication tokens in cookies | Session |
| AspNetCore.Identity.Application | Serialised version of the user details in form of claims to identify the client | Session |
| AspNetCore.Session | Used to track and identify requests from a single browser. Persists data across requests from the client to the server | Session |
| Reflect.Session | Holds information which is used by the app during navigation within the site | Session |
When you initially visit the site you will be required to agree to our cookie policy by stating your understanding, a message will displayed informing you of how we use cookies on the site, a button is provided to confirm that you understand.
| Name | Purpose | Expires |
|---|---|---|
| .AspNet.Consent | Confirms that the user understand how we use cookies and stops the message from displaying | 1 year |
When you login two cookies are set one which confirms that you are currently logged in and the other that the current session belongs to you, the second is there to prevent a malicious user from being able to hijack your session this is by using a randomly generated token, when someone tries to hijack the session a new token is generated which does not match the token on your pc this to prevent them from using your session.
The login cookie contains your username (email address), password and the value of the "Remember me" checkbox in an encrypted value field, the date on which the cookie will expire (the login cookie is set to expire when you logout or close your browser), The domain that the cookie is associated with Reflect,the date on which the cookie was created and whether the connection require SSL i.e. could only be accessed at a https adddress.