Skip to main content


Cookie Usage in Web Applications



Cookie Usage in Web Applications


In compliance with directive 2009/136/EC of the European Parliament and of the Council, of 25.11.2009, users of web applications should be provided with clear and comprehensive information when engaging in an activity which results in storage of their information, such as cookies. Also, each country implements its own directives regarding this issue. You can find the official documentation here.

The remainder of this topic refers to OutSystems platform versions 5.0 and higher.
This content was last reviewed in 2017.

Cookies Usage

When someone visits a web application, a cookie is placed on the customer's machine (if the customer accepts cookies) or is read if the customer has previously visited the web application. Cookies are used to improve the usability of web applications, but can also be used for collecting metrics for generating visitor statistics, among others.

All applications developed with OutSystems use cookies to identify the user to improve the usability of the applications, for instance allowing automatic login into the applications or maintaining the pagination selected by the user.

Not Accepting Cookies

If you choose to not have your browser accept cookies from applications created with OutSystems, you will still be able to access screens of the application which do not require authentication and read their content. However, functionality may be limited. For applications created with OutSystems that require you to login with a username and password some or all functionalities may not be available if cookies are disabled.

Cookies Created

The following table describes the cookies used by OutSystems. Not only a list of cookies is described, but their detailed information such as size, duration and purpose.

Cookie Approx Size (Bytes) Expiration Description
ASP.NET_SessionId (.NET)
41 Session This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java).
osVisitor 45 never
The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. 
No association with actual user identity(ies) is done by the OutSystems platform.
osVisit 43 30 min
Each time the end-user accesses a web page and this cookie does not exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie is set to expire after 30 minutes, so that if the visitor leaves the web application and then returns 30 minutes later, a new visit session is started. 
No association with an actual user identity(ies) is done by the OutSystems platform.
pageLoadedFromBrowserCache 30 Session Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button they will not be shown the same feedback messages again.
<web screen name>:<generated id>: <initial tab> 46 Session Some applications may use cookies with this naming convention to keep the pagination state in specific web pages.
<User Provider Name> 49 10 days Used by the Remember Login functionality in applications.
<User Provider Name>.sid 56 Session Used in conjunction with the Session Id cookie in order to prevent session fixation vulnerabilities.


This the list of the cookies created by default by OutSystems. Do not forget that your applications may explicitly implement additional cookies, and in such scenarios you need to disclose their purpose to the users.

Feel free to use this information on your own website, or link directly to this topic.