Cookie Information
Cookies are small text files placed on your computer by the websites/application that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site/application.
The use of cookies is now standard for most websites. If you are uncomfortable with the use of cookies, you can normally manage and control them through your browser settings, including removing cookies by deleting them from your 'browser history' (cache) when you leave the site/application.
The cookies used in this service are essential cookies from Microsoft, the authentication service provider.
Types of cookie:
During authentication through a web browser, multiple cookies are involved in the process. Some of the cookies are common on all requests. Other cookies are used for specific authentication flows or specific client-side conditions.
Persistent session tokens are stored as persistent cookies on the web browser's cookie jar. Non-persistent session tokens are stored as session cookies on the web browser, and are destroyed when the browser session is closed.
Cookies Placed on Product IAM
The following table explains the cookies we place on this application.
| Cookie Name | Purpose | Type | Expires or Max Age |
|---|---|---|---|
| brcap | Client-side cookie (set by JavaScript) to validate client/web browser's touch capabilities. | Persistent | 90 days |
| buid | Tracks browser related information. Used for service telemetry and protection mechanisms. | Persistent | 90 days |
| CCState | Contains session information state | Persistent | 90 days |
| ch | ProofOfPossessionCookie. Stores the Proof of Possession cookie hash to the user agent. | Persistent | 90 days |
| clrc | Client-side cookie (set by JavaScript) to control local cached sessions on the client. | Persistent | 90 days |
| esctx | Session context cookie information. For CSRF protection. Binds a request to a specific browser instance so the request can't be replayed outside the browser | Session | Entire Session |
| ESTSAUTH | Contains user's session information to facilitate SSO. Transient. | Session | Entire Session |
| ESTSAUTH LIGHT |
Contains Session GUID Information. Lite session state cookie used exclusively by client-side JavaScript in order to facilitate OIDC sign-out. Security feature. | Session | Entire Session |
| ESTSAUTH PERSISTENT |
Contains user's session information to facilitate SSO. Persistent. | Persistent | 90 days |
| ESTSSC | Legacy cookie containing session count information no longer used | Persistent | 90 days |
| ESTS SSOTILES |
Tracks session sign-out. When present and not expired, with value "ESTSSSOTILES=1", it will interrupt SSO, for specific SSO authentication model, and will present tiles for user account selection. | Persistent | 90 days |
| fpc | Tracks browser related information. Used for tracking requests and throttling. | Persistent | 90 days |
| MSFPC | This cookie is not specific to any ESTS flow, but is sometimes present. It applies to all Microsoft Sites (when accepted by users). Identifies unique web browsers visiting Microsoft sites. It's used for advertising, site analytics, and other operational purposes. | Persistent | 90 days |
| SignInState Cookie |
Contains list of services accessed to facilitate sign-out. No user information. Security feature. | Session | Entire Session |
| stsservice cookie |
Cookie used for tracking purposes | Session | Entire Session |
| wlidperf | Client-side cookie (set by JavaScript) that tracks local time for performance purposes. | Persistent | 90 days |
| x-ms-cpim-cache | Used for maintaining the request state. | Session | Entire Session |
| x-ms-cpim-csrf | Cross-Site Request Forgery token used for CRSF protection. | Session | Entire Session |
| x-ms-cpim-sso | Used for maintaining the SSO session. This cookie is set as persistent, when Keep Me Signed In is enabled. | Session | Entire Session |
| x-ms-cpim-trans | Used for tracking the transactions (number of authentication requests) and the current transaction. | Session | Entire Session |
| x-ms-gateway-slice | Cookie used for tracking and load balance purposes. | Session | Entire Session |
| x-ms-Refresh TokenCredential |
Available when Primary Refresh Token (PRT) is in use. | Session | Entire Session |