Cookies

How cookies are used

Measuring website usage (Google Analytics)

We use Google Analytics software to collect information about how you use the site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements.

Google Analytics stores information about:

We don’t collect or store your personal information (for example your name or address) so this information can’t be used to identify who you are.

We don’t allow Google to use or share our analytics data.

Google Analytics sets the following cookies:

Universal Analytics

Name Purpose Expires
_ga This helps us count how many people visit by tracking if you’ve visited before 2 years
_gid This helps us count how many people visit by tracking if you’ve visited before 24 hours

Login to the web application and verification of user

Name Purpose Expires
AspNetCore.Antiforgery (Two cookies) ASP.NET core, anti-forgery. Prevents cross-site request forgery (also known as XSRF or CSRF) which is an common attack against web apps that store authentication tokens in cookies Session
AspNetCore.Identity.Application Serialised version of the user details in form of claims to identify the client Session
AspNetCore.Session Used to track and identify requests from a single browser. Persists data across requests from the client to the server Session
Reflect.Session Holds information which is used by the app during navigation within the site Session

Our Accept Cookies Agreement Message

When you initially visit the site you will be required to agree to our cookie policy by stating your understanding, a message will displayed informing you of how we use cookies on the site, a button is provided to confirm that you understand.

Name Purpose Expires
.AspNet.Consent Confirms that the user understand how we use cookies and stops the message from displaying 1 year

When you login two cookies are set one which confirms that you are currently logged in and the other that the current session belongs to you, the second is there to prevent a malicious user from being able to hijack your session this is by using a randomly generated token, when someone tries to hijack the session a new token is generated which does not match the token on your pc this to prevent them from using your session.

The login cookie contains your username (email address), password and the value of the "Remember me" checkbox in an encrypted value field, the date on which the cookie will expire (the login cookie is set to expire when you logout or close your browser), The domain that the cookie is associated with Reflect,the date on which the cookie was created and whether the connection require SSL i.e. could only be accessed at a https adddress.