22 |
23 | Cookie |
24 | Duration |
25 | Purpose |
26 | Logged in Users Only? |
27 |
28 |
29 |
30 | devicePixelRatio |
31 |
32 | Browser default (1 year) |
33 | Used to make the site responsive to the visitor’s screen size. |
34 | No |
35 |
36 |
37 | wordpress_test_cookie |
38 | Session |
39 | Tests that the browser accepts cookies. |
40 | No |
41 |
42 |
43 | __qca |
44 | 5 years |
45 | Quantcast |
46 | No |
47 |
48 |
49 | __utma |
50 | 2 years |
51 | Google Analytics - ‘Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.’ |
52 | No |
53 |
54 |
55 | __utmb |
56 | 30 minutes |
57 | Google Analytics - ‘Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.’ |
58 | No |
59 |
60 |
61 | __utmc |
62 | Session |
63 | Google Analytics - ‘Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.’ |
64 | No |
65 |
66 |
67 | __utmt |
68 | 10 minutes |
69 | Google Analytics - ‘Used to throttle request rate.’ |
70 | No |
71 |
72 |
73 | __utmz |
74 | 6 months |
75 | Google Analytics - ‘Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.’ |
76 | No |
77 |
78 |
79 | wp-settings-{user_id} |
80 | 1 year |
81 | Used to persist a user’s wp-admin configuration. |
82 | Yes |
83 |
84 |
85 |
86 | wporg_logged_in
87 | wporg_sec |
88 | 14 days if you select "Remember Me" when logging in. Otherwise, Session. |
89 | Used to check whether the current visitor is a logged in WordPress.org user. |
90 | Yes |
91 |
92 |
93 |
94 |
95 | ### Make.wordpress.org
96 |
97 |
207 |
208 | Constant |
209 | Cookie |
210 | Duration |
211 | Purpose |
212 | Logged in Users Only? |
213 | Links |
214 |
215 |
216 | USER_COOKIE |
217 | 'wordpressuser_' . COOKIEHASH |
218 | |
219 | |
220 | |
221 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L212-L216 |
222 |
223 |
224 | PASS_COOKIE |
225 | 'wordpresspass_' . COOKIEHASH |
226 | |
227 | |
228 | |
229 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L218-L222 |
230 |
231 |
232 | AUTH_COOKIE |
233 | 'wordpress_' . COOKIEHASH |
234 | 2 days |
235 | |
236 | Yes |
237 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L224-L229, https://github.com/WordPress/WordPress/blob/4.9/wp-includes/pluggable.php#L790-L926 |
238 |
239 |
240 | SECURE_AUTH_COOKIE |
241 | 'wordpress_sec_' . COOKIEHASH |
242 | |
243 | |
244 | |
245 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L230-L234, https://github.com/WordPress/WordPress/blob/4.9/wp-includes/pluggable.php#L790-L926 |
246 |
247 |
248 | LOGGED_IN_COOKIE |
249 | 'wordpress_logged_in_' . COOKIEHASH |
250 | |
251 | |
252 | |
253 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L236-L240 |
254 |
255 |
256 | TEST_COOKIE |
257 | 'wordpress_test_cookie' |
258 | |
259 | |
260 | |
261 | https://github.com/WordPress/WordPress/blob/4.9/wp-includes/default-constants.php#L242-L246 |
262 |
263 |
264 |
265 | ### Ideas
266 |
267 | #### User interface
268 |
269 | In the [GDPR plugin](https://github.com/trewknowledge/GDPR) by [Trew Knowledge](https://trewknowledge.com) and @fclaussen WordPress administrators can manually register the cookies used on their site to display a Privacy Policy with all the used cookies.
270 |
271 | #### Cookies API
272 |
273 | There was also a suggestion by @remcotolsma for a WordPres Cookies API so WordPress plugin and theme developers can register the cookies they set/use. This should work in combination with a user interface like the one in the [Trew Knowledge GDPR plugin](https://github.com/trewknowledge/GDPR).
274 |
275 | ```php
276 | wp_register_cookies( 'wordpress', array(
277 | 'label' => __( 'WordPress' ),
278 | 'cookies' => array(
279 | 'wordpress_*' => array(
280 | 'label' => __( 'WordPress Authentication Cookie' ),
281 | 'description' => __( 'This cookie is used for WordPress user authentication.' ),
282 | 'category' => 'required',
283 | 'expiration' => 2 * DAY_IN_SECONDS,
284 | ),
285 | ) );
286 |
287 | wp_register_cookies( 'woocommerce', array(
288 | 'label' => __( 'WooCommerce', 'woocommerce' ),
289 | 'url' => __( 'https://github.com/woocommerce/woocommerce/blob/3.3.3/includes/class-wc-cart-session.php#L203-L218', 'woocommerce' ),
290 | 'cookies' => array(
291 | 'woocommerce_cart_hash' => array(
292 | 'label' => __( 'WooCommerce Cart Hash', 'woocommerce' ),
293 | 'description' => __( 'This cookie is used to verify the visitors shopping cart.', 'woocommerce' ),
294 | 'category' => 'required',
295 | 'expiration' => HOUR_IN_SECONDS,
296 | ),
297 | 'woocommerce_items_in_cart' => array(
298 | 'label' => __( 'WooCommerce Number Items in Cart', 'woocommerce' ),
299 | 'description' => __( 'This cookie is used to keep track of the number of items in the visitors shopping cart.', 'woocommerce' ),
300 | 'category' => 'required',
301 | 'expiration' => HOUR_IN_SECONDS,
302 | ),
303 | 'wp_woocommerce_session_*' => array(
304 | 'label' => __( 'WooCommerce Session ID', 'woocommerce' ),
305 | 'description' => __( 'This cookie is used to keep track of visitors session.', 'woocommerce' ),
306 | 'category' => 'required',
307 | 'expiration' => 48 * HOUR_IN_SECONDS,
308 | ),
309 | ),
310 | ) );
311 |
312 | wp_register_cookies( 'google-analytics-for-wordpress', array(
313 | 'label' => __( 'MonsterInsights - Google Analytics', 'google-analytics-for-wordpress' ),
314 | 'url' => __( 'https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage', )
315 | 'cookies' => array(
316 | '_ga' => array(
317 | 'label' => __( '_ga', 'google-analytics-for-wordpress' ),
318 | 'description' => __( 'Used to distinguish users.', 'google-analytics-for-wordpress' ),
319 | 'category' => 'analytics',
320 | 'expiration' => 2 * YEAR_IN_SECONDS,
321 | ),
322 | '_gid' => array(
323 | 'label' => __( '_gid', 'google-analytics-for-wordpress' ),
324 | 'description' => __( 'Used to distinguish users.', 'google-analytics-for-wordpress' ),
325 | 'category' => 'analytics',
326 | 'expiration' => 24 * HOUR_IN_SECONDS,
327 | ),
328 | '_gat' => array(
329 | 'label' => __( '_gat', 'google-analytics-for-wordpress' ),
330 | 'description' => __( 'Used to throttle request rate.', 'google-analytics-for-wordpress' ),
331 | 'category' => 'analytics',
332 | 'expiration' => array(
333 | 'from' => 30,
334 | 'to' => YEAR_IN_SECONDS,
335 | ),
336 | ),
337 | '_gac_*' => array(
338 | 'label' => __( '_gac_