Identity Gateway (IDG) Cookie Policy
Which websites are covered by this policy?
The IDG Single Sign-on (SSO): https://id.nihr.ac.uk The IDG Portal: https://portal.nihr.ac.uk
What is a cookie?
A cookie is a small text file that is downloaded onto your device (computer, tablet, or smartphone) when you visit our website. It allows us to recognise your device and store some information about your visit or past actions. In this policy, we use the term “cookies” to discuss all of these technologies.
What does IDG use cookies for?
Cookies are used for two purposes in IDG.
- To identify you and provide security (as this is the main function of the IDG Single Sign-on).
- To provide a satisfying user experience.
IDG uses cookies for the following purposes listed below.
Preferences
IDG uses these cookies to remember your settings and preferences, and to auto-fill the form fields to make your interactions with the site easier.
These cookies can not be used to personally identify you.
Security
- IDG uses selected cookies to identify and prevent security risks.
For example, IDG may use these cookies to store your session information in order
to prevent others from changing your password without your username and password.
- IDG uses session cookies to maintain your active session.
- IDG may use temporary cookies when performing multi-factor authentication and
federated authentication.
- IDG may use permanent cookies to detect that you have previously used the same device to log in. This is to to calculate the “risk level” associated with your current login attempt. This is primarily to protect you and your account from possible attack.
Performance
IDG may use cookies to allow “Remember Me” functionalities.
Analytics
IDG does not use cookies for analytical purposes.
What type of cookies does IDG use?
IDG uses persistent cookies and session cookies. A persistent cookie helps IDG to recognise you as an existing user so that it is easier to return to IDG or interact with IDG without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by IDG when you return to IDG.
A session cookie is a cookie that is erased when the user closes the web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user's computer.
How does IDG process cookies?
IDG stores and retrieves information on your browser using cookies. This information is used to provide a better experience. Some cookies serve the primary purposes of allowing a user to log in to the system, maintaining sessions, and keeping track of activities you do within the login session.
The primary purpose of some cookies used in IDG is to personally identify you as this is the main function of the IDG Single Sign-on. However the cookie lifetime ends once your session ends i.e., after you log-out, or after the session expiry time has elapsed.
Some cookies are simply used to give you a more personalised web experience and these cookies can not be used to personally identify you or your activities.
Can I decline or customise which cookies I accept?
Yes. With the exception of strictly necessary or functional cookies that make the site work. You can do this at any time using the cookie banner to change your choices or by using the cookie policy preferance page.
Precisely which cookies do we use, what do they do and how long do they stay on my device?
IDG SSO
|
Cookie Name |
Purpose |
Retention |
|---|---|---|
|
JSESSIONID |
To keep your session data in order to give you a good user experience. |
Session |
|
MSGnnnnnnnnnn |
To keep some messages that are shown to you in order to give you a good user experience. The “nnnnnnnnnn” reference in this cookie represents a random number e.g., MSG324935932. |
Session |
|
requestedURI |
The URI you are accessing. |
Session |
|
current-breadcrumb |
To keep your active page in session in order to give you a good user experience. |
Session |
|
deviceauth |
Used as part of the One Time Password (OTP) implementation to check if you have logged in from that device previosuly. |
30 days |
IDG Portal
|
Cookie Name |
Purpose |
Retention |
|---|---|---|
|
CookieConsent |
Used to detemine if you have accepted the optional Google Analytics cookies. |
365 days |
|
_ga |
This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site‘s analytics reports. By default, it is set to expire after 2 years, although this is customisable by website owners. |
400 days |
|
_GA_XXXXXXXXXX |
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site‘s analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. |
400 days |
|
.AspNetCore.Cookies |
Used to maintain a user's authenticated state across different requests |
Session |
|
.AspNetCore.CookiesC1 |
The .AspNetCore.CookiesC1 cookie is a “chunked” part of the main ASP.NET Core authentication cookie. You'll see this and similarly named cookies (like .AspNetCore.CookiesC2, .AspNetCore.CookiesC3, etc.) when the primary authentication cookie, .AspNetCore.Cookies, becomes too large. |
Session |
|
.AspNetCore.CookiesC2 |
See the .AspNetCore.CookiesC1 desscription cookie for details. |
Session |
|
.AspNetCore.Antiforgery.[some_random_string] |
Used by ASP.NET Core to help prevent Cross-Site Request Forgery (CSRF) attacks |
Session |