| Name | Type | Provider | Purpose | Duration | HttpOnly |
|---|---|---|---|---|---|
| user_consent | Strictly Necessary | This site | Stores the user's cookie consent preferences so their choice is remembered across visits. Contains a JSON record of consent state for each category - analytics, ads, ad user data, and ad personalisation. No personal data, purely a preference record. | 6 months | No |
| cfid | Strictly Necessary | This site | Part of ColdFusion's native session management. CFID is a sequential numeric identifier that, in combination with CFTOKEN, allows the server to associate requests from the same browser with a persistent client record. It contains no personal data itself - it's just a number. | Persistent | Yes |
| cftoken | Strictly Necessary | This site | Works alongside CFID to form a unique client identifier pair. CFTOKEN is a randomly generated alphanumeric string that adds the security/randomness element that CFID alone lacks. Together they allow the server to recognise returning sessions without storing personal data in the cookie itself. | Mirrors CFID | Yes |
| jsessionid | Strictly Necessary | This site | Standard Java session identifier used by the underlying servlet container (in CF's case, typically Tomcat). Tracks the user's server-side session - keeps you logged in, maintains state between page requests. Contains no personal data, just a reference ID that maps to server memory. | Session only. Expires when the browser is closed | Yes |
| _ga | Analytics | Google Analytics | The primary GA cookie. Distinguishes unique users by assigning a randomly generated client ID. Used to calculate visitor, session, and campaign data for site analytics reports. | 2 years | No |
| _ga_XXXXXXXXX | Analytics | Google Analytics (GA4) | Used to persist session state. The suffix (XXXXXXXXX) is your specific GA4 measurement ID fingerprint. Works alongside _ga to track session-level data distinct from the user-level data _ga handles. | 2 years | No |