In compliance with directive 2009/136/EC of the European Parliament and of the Council, of 25.11.2009, users of web applications should be provided with clear and comprehensive information when engaging in an activity which results in storage of their information, such as cookies. Also, each country implements its own directives regarding this issue. You can find the official documentation here.
The remainder of this topic refers to OutSystems platform versions 5.0 and higher.
This content was last reviewed in 2017.
When someone visits a web application, a cookie is placed on the customer's machine (if the customer accepts cookies) or is read if the customer has previously visited the web application. Cookies are used to improve the usability of web applications, but can also be used for collecting metrics for generating visitor statistics, among others.
Not Accepting Cookies
If you choose to not have your browser accept cookies from applications created with OutSystems, you will still be able to access screens of the application which do not require authentication and read their content. However, functionality may be limited. For applications created with the Agile Platform that require you to login with a username and password some or all functionalities may not be available if cookies are disabled.
The following table describes the cookies used by OutSystems. Not only a list of cookies is described, but their detailed information such as size, duration and purpose.
|Cookie||Approx Size (Bytes)||Expiration||Description|
|41||Session||This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java).|
The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie.
No association with actual user identity(ies) is done by OutSystems platform.
Each time the end-user accesses a web page and this cookie does not exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie is set to expire after 30 minutes, so that if the visitor leaves the web application and then returns 30 minutes later, a new visit session is started.
No association with an actual user identity(ies) is done by OutSystems platform.
|pageLoadedFromBrowserCache||30||Session||Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button they will not be shown the same feedback messages again.|
|<User Provider Name>||49||10 days||Used by the Remember Login functionality in applications.|
|<User Provider Name>.sid||56||Session||Used in conjunction with the Session Id cookie in order to prevent session fixation vulnerabilities.|
This the list of the cookies created by default by OutSystems. Do not forget that your applications may explicitly implement additional cookies, and in such scenarios you need to disclose their purpose to the users.
Feel free to use this information on your own web site, or link directly to this topic.