Understanding cookie usage in Document360

Cookies are essential for maintaining session data, remembering user preferences, and ensuring seamless functionality within Document360. This article provides an overview of how Document360 handles cookies and answers common questions about their usage and management.

Cookie usage in Document360

Document360 uses only essential cookies for security, authentication, and functionality.
No tracking pixels, retargeting cookies, or marketing identifiers are used.
Authentication cookies expire automatically after inactivity.
Analytics rely on server-side processing, not cookie-based personal tracking.

This approach ensures a secure, privacy-conscious experience across public and private knowledge bases hosted on Document360.

Managing cookies in Document360

Users can control cookies through browser settings. Session-based cookies expire when the session ends, while persistent cookies remain until manually cleared.

Document360 uses several cookies for authentication, analytics, and functionality. The tracked cookies include:

Cookie Name	Access Type	Purpose	Is Essential	What data is collected?	What is it used for?	How long is the data stored for?
`__cf_bm`	Private/Public	Security	Yes	The cookie does not collect personal data or track users across sites. It contains Cloudflare-generated values such as: A unique session identifier used for bot scoring. Computed metrics from Cloudflare (e.g., behavioural indicators, performance metrics). Encrypted bot-detection token that help Cloudflare validate whether the request is coming from a trusted user or a suspected bot. A timestamp (expiry is usually takes ~30 minutes).	Its purpose is to distinguish between legitimate human traffic and automated/bot traffic. It helps Cloudflare protect the site from malicious bots without requiring additional challenges (like CAPTCHAs). It ensures the site remains available, performant, and secure by filtering harmful automated traffic.	30 minutes
`kb_version`	Private/Public	Version detection	Yes	This cookie stores a simple version number (1 or 2) to identify which version of the Knowledge Base site is being served.	Since we have both the older and newer versions of the KB site, the system must be able to identify which version a request belongs to and route the traffic to the appropriate load balancer.	24 hours
`connect.sid`	Private only	Authentication	Yes	Authentication claims by Identity Server	The authentication cookie, managed by the Identity Server, securely stores encrypted session information to provide safe, seamless, and continuous user access. The `connect.sid` cookie is not applicable for public projects.	24 hours with rolling expiry from the last activity

Cookie Name

Access Type

Purpose

Is Essential

What data is collected?

What is it used for?

How long is the data stored for?

__cf_bm

Private/Public

Security

Yes

The cookie does not collect personal data or track users across sites.

It contains Cloudflare-generated values such as:

A unique session identifier used for bot scoring.
Computed metrics from Cloudflare (e.g., behavioural indicators, performance metrics).
Encrypted bot-detection token that help Cloudflare validate whether the request is coming from a trusted user or a suspected bot.
A timestamp (expiry is usually takes ~30 minutes).

Its purpose is to distinguish between legitimate human traffic and automated/bot traffic.
It helps Cloudflare protect the site from malicious bots without requiring additional challenges (like CAPTCHAs).
It ensures the site remains available, performant, and secure by filtering harmful automated traffic.

30 minutes

kb_version

Private/Public

Version detection

Yes

This cookie stores a simple version number (1 or 2) to identify which version of the Knowledge Base site is being served.

Since we have both the older and newer versions of the KB site, the system must be able to identify which version a request belongs to and route the traffic to the appropriate load balancer.

24 hours

connect.sid

Private only

Authentication

Yes

Authentication claims by Identity Server

The authentication cookie, managed by the Identity Server, securely stores encrypted session information to provide safe, seamless, and continuous user access. The connect.sid cookie is not applicable for public projects.

24 hours with rolling expiry from the last activity

Cookies from customer-configured integrations

Document360 does not control cookies introduced through customer-configured integrations, embedded media (such as video players), or custom scripts added to the Knowledge Base site.

Depending on the configuration, third-party services may set additional cookies in the user’s browser. These cookies are dynamically introduced by the external provider and are outside the scope of Document360’s management or visibility.

Customers are responsible for:

Reviewing the cookies set by their third-party integrations
Assessing the provider’s privacy and data processing practices
Updating their cookie and privacy policies accordingly
Configuring consent mechanisms where required by applicable regulations

Document360 does not process or access data collected through these external cookies.

FAQ

Are all cookies used by Document360 strictly necessary?

Yes, all cookies used by Document360 are essential for platform functionality. Disabling them may affect the platform's performance and user experience.

How does Document360 handle cookies or tracking pixels? Does it use retargeting?

Document360 only stores essential cookies required for user authentication and application preferences. It does not use tracking pixels or engage in retargeting.

What specific data does Document360's cookies collect?

Document360 cookies collect essential data such as:

User authentication details (session ID)
Application preferences

No personal tracking or marketing data is collected.

How long does Document360 store cookie data? Are cookies persistent?

Document360 uses:

Session-based cookies: expires when the session ends
Persistent cookies: stores application preferences until the user clears their browser cookies

Are cookies shared across multiple devices or platforms?

No, cookies are not shared across different devices.

Can users delete cookies?

Yes, users can manually delete cookies at any time through their browser settings.

Does Document360 provide control over cookie settings?

Yes, users can manage cookies using cookie consent plugins, allowing them to enable or disable certain types of cookies as needed.

Is the connect.sid cookie a session-only cookie?

No. The connect.sid cookie is not a session-only cookie that is removed when the browser is closed.

How long is the connect.sid cookie retained?

The connect.sid cookie follows a rolling 24-hour expiry:

The cookie remains valid for 24 hours from the user’s last activity.
Each interaction refreshes the expiry timer.
If the user is inactive for more than 24 hours, the cookie automatically expires and is removed from the browser.

Are IP addresses stored in cookies for analytics or tracking?

No. IP addresses are not stored in cookies.

Here’s how IP-based data is handled:

The IP address is automatically included in the incoming HTTP request from the browser.
This information is processed server-side only.
It is used for:
- IP-based access restrictions
- Location-level analytics reporting

No IP data is persisted in browser cookies, and no additional tracking mechanisms are involved.