Khoros Cookies Datasheet (Community, Care, Marketing, Khoros Bot)
Cookies are small data files stored in web browsers to track usage and enable useful services and features when using Khoros Services or interacting with Khoros. This document provides information on the standard cookies used by Khoros Services and Khoros generally and how to reject or delete those cookies should users choose to do so. Understand that restricting cookies can have an adverse impact on the functionality and the online user experience when interacting with Khoros and Khoros Services.
We classify the cookies typically used by Khoros and Khoros Services into the four broad categories described below.
|
Type |
Classification |
Description |
Example |
|
1 |
Strictly necessary |
These cookies are necessary for the proper functioning of the community, such as tracking a user session, or accessing secure areas. |
Session cookie used to pin a logged-in session to a browser |
|
2 |
Performance |
The information these cookies collect is anonymous and is used to collect aggregate data including information about the pages users visit. |
Cookies delivered by Omniture WebAnalytics and Google Analytics for purposes of aggregate reporting |
|
3 |
Functional |
These cookies allow websites to remember preferences and settings, such as your username, language, region, font size, and so on. |
Cookie used to hold a user’s username as part of a “remember me” feature |
|
4 |
Tracking, targeting and sharing |
These cookies remember that you've visited a website, a particular web page, and/or track your activities on the site. This information is sometimes shared with third party advertisers for serving targeted online advertising or other personalized content. |
Cookies used to track visitor activity on an individual basis can be used by Khoros or its third party business partners to serve personalized content, and/or later aggregated and used to analyze website traffic and trends. |
How to control cookies
Some cookies are necessary for the proper operation of Khoros Services and disabling or removing them may have an adverse impact on the proper functioning and user experience. However, users may choose to view, block, or remove cookies set by Khoros Services through their web browser settings (or any website cookies for that matter). Consult the help feature for your specific browser to find how. Here are some useful links for your convenience.
- Microsoft Internet Explorer Privacy Settings and Information
- Google Chrome Privacy Settings and Information
- Mozilla Firefox Privacy Settings and Information
- Apple Safari Privacy Settings and Information
Also, you may choose to consult an external and independent third party website such as AboutCookies.org or www.youronlinechoices.eu/ if you are in the European Union which provides comprehensive information on a variety of browsers and how to control or change their respective privacy settings.
Cookies used by Khoros
The following standard cookies are used by:
Turning off or removing these cookies may have an adverse impact on the proper functioning and user experience when interacting with Khoros and/or using Khoros Services.
Khoros Community Cookies
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
If removed, disabled, or not accepted |
| AWSALB |
1 |
AWS sticky session cookie required for load balancer routing. See this document for further information. |
Request ( persists for 7 days) |
Sticky session won't work and some functionality will break. |
| AWSALBCORS |
1 |
For continued stickiness support with CORS use cases after the Chromium update, we are creating additional stickiness cookies for each of these duration-based stickiness features named AWSALBCORS (ALB). See https://docs.aws.amazon.com/ |
Request ( persists for 7 days) |
|
|
_ga |
2 |
Distinguishes users using a unique ID. It is used by Google Analytics to calculate visitor, session, and campaign data. By default, the configuration setting that sets this cookie is disabled. File a Support ticket to request enablement. |
2 years (persistent) |
Visitor and session data will not be tracked and will not be available to Google Analytics |
|
!lithiumSSO:{client_id} |
1 |
Used for passing authentication information to Khoros |
session |
SSO will not be functional for the user |
|
LiSESSIONID |
1 |
Session management |
session |
User cannot log in, and is treated as an anonymous user |
|
lia.anon.{setting or config name} |
3 |
Stores community-wide configurations and settings for anonymous users |
1 year (persistent) |
Community behavior will follow defaults and any UI convenience changes made by the user will be ignored. |
|
liSdkOptions:{communityId} |
3 |
Dropped when a Studio user navigates to Studio > Advanced > SDK and clicks Submit after checking the View as anonymous checkbox.
The cookie allows developers to sign out of the community but still have it find the URL to use for rendering a skin that is hosted via the Community Plugin SDK.
This cookie is used only on stage sites. |
1 month or when the View as anonymous checkbox is unselected | The community will serve the URL for the skin set on the stage site instead of the URL to the locally hosted skin (so local SASS development will not work when the user is signed out) |
|
lithium.anonymous. |
3 |
Remembers user preferences |
1 year (persistent) |
The community will not remember the user’s setting preferences |
|
lithium.anonymous. |
3 |
Remembers language preferences |
1 year (persistent) |
The community will not remember the user’s language preferences. The language will default to the native language defined for the community. |
|
lithiumLogin:{community id} |
3 |
Keeps users logged in when they make a request after their session has expired. It is triggered when a user checks Save login name and password. The cookie is encrypted and includes a unique user secure ID in the database. |
30 days (persistent) |
The "auto login" and "remember me" features will not work |
|
LithiumNotifications |
3 |
Temporarily stores Realtime Notification messages (Toast messages) |
session |
Realtime notification toasts may not appear (pop-up) after a page transition. |
|
LithiumUserInfo |
1 |
Session management |
session |
The user will not be able to view secure pages and will be redirected to the login page |
|
LithiumUserSecure |
1 | Secure Session management | session | The user will not be able to view secure pages and will be redirected to the login page. |
| LithiumVisitor |
1 |
Replaces VISITOR_BEACON. Khoros currently uses both for backward compatibility. This cookie computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores when it was first issued, when it was last seen by Khoros, an unique visitor ID (which is unique per visitor’s browser). |
Configurable (Default = 6 Months) Note: To change the default value, contact Khoros Support. |
Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected. |
|
P{poll_id}U{user_id}R{reset_count} |
3 |
Tracks when a user has voted in a poll and tracks the answer value. The cookie is used to prevent a user from voting multiple times in a single poll. The cookie is only placed if Use cookies to prevent multiple votes is enabled in Community Admin. |
14 days |
If the user is an anonymous user, the user will be able to vote multiple times when the cookie is cleared. If the user is logged in, votes, and then clears the cookie, they are not allowed to revote. |
|
PushyAuthToken |
1 |
Authenticates the user for a session with Realtime Notifications service (Pushy) |
Manually cleared when the user logs out or when their session expires due to inactivity |
WebSocket connections to the Realtime Notification service will fail with a 403 Forbidden error and the user will not see realtime notifications. |
|
VISITOR_BEACON |
1 |
Computes billing visits, registered billing visits, visits, registered visits, and unique visitors metrics. The cookie is encrypted and stores, when it was first issued, when it was last seen by Khoros, the user ID, and its own unique ID. |
Configurable (Default = 6 Months) Note: To change the default value, contact Khoros Support. |
Visits and unique visitors metrics will not be accurate. There will be a new billable visit on each new request. Customers on billing visits model will be affected. |
|
VISITORID |
1 |
Distinguishes between human and bot traffic |
3 years (session) |
Defeats the bot detection mechanism. (May see increased spam on the community.) |
|
ValueSurveyParticipation |
3 |
Stores a timestamp storing the creation time of this cookie, which is used in value survey trigger logic.
|
Default is 90 days. Configurable in Community Admin |
The user will get multiple prompts to take a survey |
|
ValueSurveyVisitorCount |
3 |
Stores the survey visit count of the user, which is used in logic that determines when a survey is triggered. This cookie is used in conjunction with the ValueSurveyParticipation cookie. When the ValueSurveyParticiation is set, the count for ValueSurveyVisitorCount cookie is reset to 0. |
Expires when the ValueSurveyParticipation cookie is either set or expires |
The user will not be prompted to take a survey until the count defined in the Delay before prompting user with survey field in Community Admin > Features > Value Surveys > Settings is met. |
|
LithiumCookiesAccepted (for Cookie Banner v1) |
1 |
Stores the information of whether the user has given explicit consent by clicking "Accept" on the cookie banner to store Type 2, Type 3 & Type 4 cookies. For Cookie Banner v1, this cookie stores: -'1' if the user has explicitly clicked "Accept" in the cookie banner. -'2' if user clicked "Reject".
|
Configurable (Default = 6 months). This cookie is not session specific (persistent) and will be maintained across sessions. |
This cookie is not dropped if OOTB cookie banner is disabled. If the banner is enabled and this cookie is explicitly removed from the browser, the cookie banner will appear again and Type 2, Type 3 & Type 4 cookies will not be stored unless the user clicks “Accept” again. |
|
LithiumNecessaryCookiesAccepted (for Cookie Banner v2 and Aurora) |
1 |
Stores the information of whether the user has given explicit consent by clicking "Accept", "Reject" or "Confirmed" their choices from options under "Preferences" on the cookie banner to store Type 1 cookies. For Cookie Banner v2 this cookie stores: -'0' when the OOTB cookie banner for the site is enabled and user has not explicitly clicked "Accept" or "Reject" or "Confirmed" their choices from "Preferences". - For Classic: '0' when the OOTB cookie banner for the site is enabled and user clicked "Reject". - For Aurora: "1" when the OOTB cookie banner for the site is enabled and user clicked "Reject". -'1' if the user has explicitly clicked "Accept" or "Confirmed" their choices from "Preferences". Irrespective of the value, Type 1 cookies are always stored in the browser. |
Configurable (Default = 6 months). This cookie is not session specific (persistent) and will be maintained across sessions. |
This cookie is not dropped if OOTB cookie banner is disabled. If the banner is enabled, removing or deleting this cookie from the browser will not impact any Type 1 cookies that are stored in the browser. |
|
LithiumFunctionalCookiesAccepted (for Cookie Banner v2) |
1 |
Stores the information of whether the user has given explicit consent by clicking "Accept", "Reject" or "Confirmed" their choices from options under "Preferences" on the cookie banner to store Type 3 cookies. For Cookie Banner v2 this cookie stores: -'0' when the OOTB cookie banner for the site is enabled and user has not explicitly clicked "Accept" or "Reject" or "Confirmed" their choices from "Preferences". -'1' if the user has explicitly clicked "Accept" in the cookie banner or "Confirmed" their choices from "Preferences". -'2' if user clicked "Reject".
|
Configurable (Default = 6 months). This cookie is not session specific (persistent) and will be maintained across sessions. |
This cookie is not dropped if OOTB cookie banner is disabled. If the banner is enabled and this cookie is removed from the browser, then new Type 3 cookies will not be stored in the browser. |
|
LithiumTargetingCookiesAccepted (for Cookie Banner v2) |
1 |
Stores the information of whether the user has given explicit consent by clicking "Accept", "Reject" or "Confirmed" their choices from options under "Preferences" on the cookie banner to store Type 4 cookies. For Cookie Banner v2 this cookie stores: -'0' when the OOTB cookie banner for the site is enabled and user has not explicitly clicked "Accept" or "Reject" or "Confirmed" their choices from "Preferences". -'1' if the user has explicitly clicked "Accept" in the cookie banner or "Confirmed" their choices from "Preferences". -'2' if user clicked "Reject". |
Configurable (Default = 6 months). This cookie is not session specific (persistent) and will be maintained across sessions. |
This cookie is not dropped if OOTB cookie banner is disabled. If the banner is enabled and this cookie is removed from the browser, then new Type 4 cookies will not be stored in the browser. |
|
LithiumPerformanceCookiesAccepted (for Cookie Banner v2) |
1 |
Stores the information of whether the user has given explicit consent by clicking "Accept", "Reject" or "Confirmed" their choices from options under "Preferences" on the cookie banner to store Type 2 cookies. For Cookie Banner v2 this cookie stores: |
Configurable (Default = 6 months). This cookie is not session specific (persistent) and will be maintained across sessions. |
This cookie is not dropped if OOTB cookie banner is disabled. If the banner is enabled and this cookie is removed from the browser, then new Type 2 cookies will not be stored in the browser. |
|
_pendo_meta.* |
4 |
Cookie is used by Communities to show in-app feature guides in the "Community Admin" section |
Persistent |
None |
|
_pendo_accountId.* |
4 |
Cookie is used by Communities to show in-app feature guides in the "Community Admin" section |
Persistent |
None |
| _pendo_visitorId.*
|
4 |
Cookie is used by Communities to show in-app feature guides in the "Community Admin" section |
Persistent |
None |
| mPulse |
2 |
7 days |
The mPulse tools and dashboards from within Akamai will no longer contain the relevant real user measurement data. |
|
| kh-local-storage (for Aurora only) |
3 |
Session |
Mobile Android apps that embed a community using WebView and do not have local storage enabled will fail to render pages. |
|
| LithiumImpersonatedUser (for Aurora only) |
3 |
30 minutes |
Switch Member feature would not work as cookie is used to identify the impersonated user. |
|
| kh-sso |
1 |
Session |
If the bounce URL is set in the SSO properties, the user may enter a redirection loop and be unable to access the community. |
|
|
LithiumUserExternalVideoConsent |
1 |
180 days / 6 months |
Users are asked to consent to cookies originating from external video providers |
|
| LithiumLocalePreferences (For Classic and Aurora communities)
|
3 |
24 hours |
Increase in number of calls to verify user language preference. Language preference order may be altered or may default to browser selected preference. For Aurora - If this cookie is not present, a query will be executed to retrieve the language. If the user does not have a value in their preferences, we will use the browser's `Accept-Language` header. |
|
| LithiumToggleTextKeys |
3 |
24 hours |
Toggle text keys functionality would not show on end-user app and therefore could not be used. |
|
| LithiumLocalizedCategoryLocalePreference(Aurora only) |
3 |
24 hours |
Users selected language from the language selector will not persist. Language preference will shift back to the language retrieved from the users browser `Accept-Language` header. |
Community Analytics Cookies
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
If removed, disabled, or not accepted |
|
|
SIP|ws |
3 |
Tracks the workspace to redirect to after a session timeout |
1 day |
|
|
|
All Khoros Community cookies also apply to Community Analytics |
|||||
Khoros Care cookies
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
If removed, disabled, or not accepted |
|
X-TOKEN-ID |
1 |
Protects against cross-site scripting |
Session |
This is a security token. It is critical for the application to run |
|
PLAY_SESSION |
1 |
This is the main session cookie |
Session |
This is the main session cookie. It is critical for the application to run |
|
__sdx_page |
3 |
Stores the user’s current application tab |
14 days |
When a user reloads the page, the user is redirected to the default tab instead of to the last tab used in the application |
|
PLAY_LANG |
3 |
Retrieves the user’s language |
14 days |
This is used only when LSW cannot detect the browser language and a user has no language set |
|
Khoros Care Analytics Cookies |
||||
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
If removed, disabled, or not accepted |
|
XSessionID |
1 |
This is the main session cookie |
24 hours |
This is the main session cookie. It is critical for the application to run |
|
JSESSIONID |
3 |
This is an auto-generated JSP cookie |
Session |
The application does not rely on this cookie but uses the cookie occasionally to auto-generate UUIDs |
|
Care Publisher Cookies |
||||
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
If removed, disabled, or not accepted |
| TOCOMA-CID | 1 | The user’s main session cookie | Expires when the browser session ends |
The application will not run |
Khoros Marketing Cookies
In addition to the _ga cookie used by Khoros Communities (see the “Khoros Communities cookies” chart above), Khoros Marketing also uses the following cookies:
Note: Khoros Experiences customers can set additional cookies on websites where they publish visualizations created by the Khoros product, in addition to the standard cookies disclosed below. These cookies are set by social networks when a user signed in to the social network visits the website.
| Description and Purpose | Cookie Name | Type | Expiration Time/Type | Consequence if removed, disabled, or not accepted |
| sf-ui.login.spredfast.com | 3 - Functional | Expanded user auth info | Persistent | None |
| sfauth-login.spredfast.com | 1 - Strictly necessary | User Auth Info | 12 hours | Users cannot use the products |
| sfjwt-login.spredfast.com | 1 - Strictly necessary | User Auth Info | 12 hours | Users cannot use the products |
| sfcsrf-login.spredfast.com | 1 - Strictly necessary | Cross-site request protection | 12 hours | Users cannot use the products |
| sfsig-login.spredfast.com | 1 - Strictly necessary | User Auth Info signature | 12 hours | Users cannot use the products |
| _ga | 2- Functional | Google Analytics - Used to distinguish users. | 2 years | None |
| _gid | 2- Functional | Google Analytics - Used to distinguish users. | 24 hours | None |
| _gat | 2- Functional | Google Analytics - Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>. | 1 minute | None |
| _pendo_accountId.* | 4 - Tracking, targeting and sharing | Cookie is used by marketing software for user analytics | Persistent | None |
| _pendo_meta.* | 4 - Tracking, targeting and sharing | Cookie is used by marketing software for user analytics | Persistent | None |
| _pendo_visitorId.* | 4 - Tracking, targeting and sharing | Cookie is used by marketing software for user analytics | Persistent | None |
| PHPSESSID | 1 - Strictly necessary | Only contain a reference to a session stored on the web server. No information is stored in the user's browser and this cookie can only be used by the current web site. | Session | Users cannot use the product |
| csrf_token | 1 - Strictly necessary | Cross-site request protection | Session | Users cannot use the product |
| campaignTab | 3 - Functional | Used to track and restore last tab in Initiative Settings | Session | None |
| _tweetriver_session | 1 - Strictly necessary | Only contain a reference to a session stored on the web server. No information is stored in the user's browser and this cookie can only be used by the current web site. | 24 hours | Users cannot use the product |
| _tweetriver_session | 1 - Strictly necessary | Only contain a reference to a session stored on the web server. No information is stored in the user's browser and this cookie can only be used by the current web site. | 24 hours | Users cannot use the product |
| mr_inst_token | 3 - Functional | Allows users to like an Instagram status from Vizzes | Session | Users cannot like an Instagram status from Vizzes |
| mr_pauth_t | 1 - Strictly necessary | Redirects the user after photo share | Session | User will not be redirected after sharing a photo |
| poll-user-id | 3 - Functional | Tracks a random user id for submitting to a poll (so repeat votes can be tracked). | Session | Duplicate poll votes cannot be tracked. |
| redirectToOldModeration | 3 - Functional | Redirects the user to old stream moderation tool | Session | May be deprecated or non-functioning at this time |
Customer and Third-Party Cookies on Khoros Communities
Khoros customers may set additional cookies on Khoros Community in addition to the standard cookies disclosed above. These cookies are set and controlled by Khoros customers and their affiliates for various purposes such as website usage tracking (very common practice) and targeting for surveys or advertising in some cases. Khoros does not control the dissemination of such cookies. If you need more information on which additional cookies are set on the Community you are visiting, visit the community’s privacy section. You may also wish to review the How to control cookies section to view, remove, or block certain cookies. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable.
Cookies Set by Third-Party and External Sites
Communities may contain embedded images, videos, and links to external and third-party websites. Khoros customers may also include syndicated content on their communities such as banner ads and similar embedded objects from their affiliates and partners. As a result, when you click on such an object you may be presented with cookies from the owner of that respective website where the content is hosted. Khoros does not control the dissemination of such cookies. Contact the relevant third party website for their privacy policy and cookie information. Note that disabling or removing cookies may have an adverse impact on the proper functioning of the community, and certain features may become disabled or unavailable.
Khoros Bot Cookies
Khoros recently acquired Flow.ai which provides Intent Detection and Suggested Responses in Enterprise Architecture and uses the following cookies in the provided cookie bar when accepted by the website visitor:
|
Cookie Name |
Location |
Description |
Type |
|
Cloudfire |
Dashboard |
The cookie is used by CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. |
Strictly necessary |
|
Google Analytics |
Dashboard |
The cookie is used by Google analytics to calculate visitor, session, campaign data, user interaction with the website and keep track of site usage for the site''s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
Performance |
|
Stripe |
Dashboard |
This cookie is used to enable payment on the website without storing any payment information on a server. |
Strictly necessary |
Atlas Cookies
In addition to the AWSALBCO, AWSALB, _ga, LiSESSIONID, LithiumVisitor and VISITOR_BEACON cookies used by Khoros Communities (see the “Khoros Communities cookies” chart above) Khoros Atlas Community also uses the following cookies:
|
Cookie Name |
Type |
Description and Purpose |
Expiration Time/Type |
| __cfduid | Necessary | The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. | 1 month |
| _hjFirstSeen | Analytics | This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions. | 30 minutes |
| _gat_UA-134360776-2 | Other | No description | 1 minute |
| _gat_UA-134360776-3 | Other | No description | 1 minute |
| _hjTLDTest | Other | No description | session |
| _hjid | Other | This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 1 year |
| Munchkin Javascript Tracking API | 4 | Tracking of end-user page visits. Tracking of clicks to specific landing pages and external web pages. | 720 days, and we're currently supporting Do Not Track functionality |
Contact Khoros
- For Privacy related requests email privacy [at] khoros [dot] com. Use a secure communication method such as PGP or SMIME for sharing sensitive information.
- Find Khoros' Privacy Policy.
- For Security related requests email security [at] khoros [dot] com. Use a secure communication method such as PGP or SMIME for sharing sensitive information.
- Read about our Security Testing and Reporting Policy.
- For sales related and general inquiries, contact your designated Account Manager or visit our website.
