One of our software's fundamental principles is not collecting or storing personal information that isn't central to the platform's functionality, and that extends to our use of cookies. We do not foresee this changing. Any major functional changes to our cookies would appear in our release notes.
List of cookies your forum may use:
%-tk
- This token is anonymous and is used for CSRF protection.
- Cannot be opted out of.
%-Vv
- This token is anonymous and is used to track visits.
- Cannot be opted out of.
%-vA
- This token is used for Analytics tracking and is anonymous for EU users.
- We store several pieces of information on this single cookie:
  - Privacy Mode - A numeric flag, used to determine how much we anonymize a user's data when tracking analytics. This value is automatic, based on the detected country of origin.
  - Session ID - A randomly-generated ID used to track signed-in-user activity. This value is reset between visits to the site.
  - Secondary Session ID - A randomly-generated ID used to track events that could include guest data (e.g. page views).
  - UUID - A randomly-generated ID used to uniquely identify the user. This ID can persist between site visits but only lives in the user's analytics cookie.
- Cannot be opted out of -- however, sites can disable Vanilla Advanced Analytics.
- Note: EU users are automatically opted out.
__vnf
- This is the Troll Management cookie. It is not anonymous and persists after logout. It's not used by anything except the Troll Management addon. It is only initially assigned when users log in and does not apply to users who remain guests.
- This is a randomly-generated ID we use to "fingerprint" users to determine if one user is utilizing multiple accounts on a community. It is not derived from any PII.
- Cannot be opted out of -- however, sites can disable the Troll Management addon.
vf-%-sid
- This is a "session" cookie (sid = session ID). The value maps to a row in Vanilla's Session table. This table is used to temporarily store information for a user. More often than not, this cookie is created as part of an SSO sign-in (although it can also make an appearance when users initiate the "forgot my password" workflow). Depending on the SSO method, Vanilla might need to "remember" some initial values to complete sign-in, after the user is redirected back to the site from the authentication provider.
__cfduid
- Cloudflare uses 2 cookies, both named __cfduid. These live on:
  - .v-cdn.net
  - Yourforums.vanillacommunities.com
- These are used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
- For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.
- Full description here: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-
__cfruid
- Another Cloudflare cookie, related to rate limiting.
- It makes sure that different users on the same network (sharing the same IP) who make requests to rate-limited URLs are not counted as one user, which avoids rate limiting issues.