In compliance with directive 2009/136/EC of the European Parliament and of the Council, of 25.11.2009, users of web applications should be provided with clear and comprehensive information when engaging in an activity which results in storage of their information, such as cookies. Also, each country implements its own directives regarding this issue. You can find the official documentation here.
This topic applies to OutSystems versions 5.0 and higher.
When someone visits a web application, a cookie is placed on the customer's machine (if the customer accepts cookies) or is read if the customer has previously visited the web application. Cookies are used to improve the usability of web applications, but can also be used for collecting metrics for generating visitor statistics, among others.
Not accepting cookies
If you choose to not have your browser accept cookies from applications created with OutSystems, you will still be able to access screens of the application which do not require authentication and read their content. However, functionality may be limited. For applications created with OutSystems that require you to login with a username and password some or all functionalities may not be available if cookies are disabled.
The following table describes the cookies used by OutSystems. A list of cookies is described along with their detailed information such as size, duration, and purpose.
|Cookie||Approx Size (Bytes)||Expiration||Description|
|ASP.NET_SessionId (.NET)OSSESSIONID (Java)||41||Session||This cookie is set by the underlying technology (Microsoft ASP.NET) used to run the web application, or by OutSystems (Java).|
|osVisitor||45||Never||The first time the end-user accesses the web server (accessing a web page from the server), a unique value is stored in this cookie. No association with actual user identity(ies) is done by OutSystems.|
|osVisit||43||30 min||Each time the end-user accesses a web page and this cookie doesn't exist yet, the cookie is created and set with a unique value, representing that the visitor accessed the site. This cookie expires after 30 minutes, if the visitor leaves the web application and then returns 30 minutes later, a new session is started. No association with an actual user identity(ies) is done by OutSystems.|
|pageLoadedFromBrowserCache||30||Session||Some applications may use this cookie to improve the user experience of the web application. It ensures that, in pages where a feedback message is displayed, if the users clicks the back button, they won't be shown the same feedback messages again.|
||49||10 days||Used by the Remember Login functionality in applications.|
||56||Session||Used in conjunction with the Session Id cookie to prevent session fixation vulnerabilities.|
||192||Session||Used to enforce session expiration as needed. Contains information needed to ensure session authenticity.|
||99||Session||Provides information to the application code about the user identifier via the built-in function GetUserId. Contains information needed to avoid CSRF attacks.|
|DEVICE_ORIENTATION||26||360 days||Used to store the orientation of the mobile device to allow OutSystems UI to implement the action
|DEVICES_TYPE||17||360 days||Used to store the type of mobile device in use to allow OutSystems UI to adjust the interface. No association with an actual user identity(ies) is done by OutSystems.|
|DEVICE_BROWSER||20||360 days||Used to store the browser in use on the device to allow OutSystems UI to implement the action
|DEVICE_OS||12||360 days||Used to store the device's operating system allowing OutSystems UI to to implement the action
|RT||87||10 min||Used to calculate load time information collected for LifeTime Analytics. The cookie will only be present if the application has Monitoring turned on (in LifeTime Analytics). No association with an actual user identity(ies) is done by OutSystems.|
This the list of the cookies created by default by OutSystems. Don't forget that your applications may explicitly implement additional cookies, and in such scenarios you need to disclose their purpose to the users.
Feel free to use this information on your own website or link directly to this topic using this address.