For the purposes of properly recognizing users when they return to our clients' sites or respond to their campaigns, Piano sets several cookies. This document fully describes those persistent Piano Identity Management (ID) first-party cookies and their uses.
Overview
|
NAME |
TYPE & CATEGORY |
LIFETIME |
OBJECT |
PURPOSE |
USER OPT-OUT EFFECT |
PROCESSING PARTY |
|---|---|---|---|---|---|---|
|
|
Cookie (Mandatory) |
2 years by default. Can be extended or reduced. |
The User Token Cookie |
See here. |
See here. |
2* |
|
|
Cookie (Essential) |
30 days |
Contains the selected PianoID language locale. |
Used to set the preferred language for the Piano templates. Value for example: |
Language settings set in Piano templates can't be saved. |
2 |
|
|
Cookie (Mandatory) |
30 days |
Domain cookie. Used as the domain in cookies’ default options. |
Contains the URL of the domain received on the front end where the cookie is set. Is used as a domain for other cookies (incl. |
Cookies will be set at the level at which a user is logged in. If the user is logged in to a subdomain, then he will not be authorized on the main domain. |
2 |
|
|
Cookie (Essential) |
2 years by default. Can be extended or reduced. |
Sets if the "Stay logged in" checkbox is checked on the login form. Used to set |
See here. |
Nothing (deprecated). |
2 |
|
|
Cookie (Essential) |
30 days |
Extends the expired access cookie. |
Used to determine if the user token (stored in |
User sessions are not prolonged after the token expiration. |
2 |
|
|
Cookie (Mandatory) |
Session |
Contains code that was returned after ID OAuth authorization. |
Used for ID OAuth authorization and contains a random string. |
ID OAuth stops to work. |
3* |
|
|
Cookie (Essential) |
6 months |
Same as |
Used to determine if the user token (stored in |
User sessions are not prolonged after the token expiration. |
3 |
|
|
Cookie (Essential) |
2 years by default. Can be extended or reduced. |
Set after login if an app is in Global Mode. |
Used for SSO. Contains the AID of the parent application of a global mode organization. |
SSO stops working if |
3 |
|
|
Essential (Cookie) |
2 years by default. Refreshes on login. |
Piano Identity Management user token for the parent AID in Global Mode. |
The Global Mode parent-AID variant of the user-token cookie stored on the Piano domain, analogous to |
SSO and silent auth stop, user must re‑login per app. |
2 |
|
|
Essential |
2 years by default. Can be extended or reduced. |
Contains |
If there are no |
Silent auth will not work in case when |
3 |
|
|
Optional |
30 days |
Contains |
See here. |
Nothing (deprecated). |
3 |
|
|
Local Storage (Mandatory) |
30 days |
The GM-SSO within the Local Storage entry stands for Global Mode Single Sign-on, and if its value reverts to true (1), it means that Global Mode SSO for Piano Identity Managment is configured on the Application ID (AID) included in the name. |
The purpose of this item containing a string is to keep users logged in to sub-applications and ensure cross-application access. |
SSO confirmation screen will be shown on each user visit. |
2 |
|
|
Local Storage (Optional) |
- |
Stores tcf string for the integration with LiveRamp. |
Used for storing the LiveRamp token for a duration of 24 hours. |
LiveRamp token will be generated for each page opening. Now it is caching for 24 hours. |
2 |
*1 = first-party cookies (managed by publishers), 2 = first-party cookies (managed and set by Piano), 3 = third-party cookies.
The User Token Cookie (piano.io)
Name: __utp
Value: JSON web token of the user.
Expiration: The cookie is session-based by default, but if a user selects the option "Stay logged in" when signing in, the user token expiration depends on the value configured in the Piano Identity Management settings. Various browser restrictions and cookie rules affect the expiration as well.
Purpose: This cookie represents a logged-in user's session and stores relevant details about the user. By default, it is set on the top-level domain, but we can configure it to be set on a specific domain or subdomain if required. If you have any further questions, please contact support@piano.io. The cookie securely stores encrypted user information, such as first name, last name, email, UID, associated AID, and login & expiration timestamps. Additional custom fields can be requested based on the user's provider selection or specific client requirements.
What happens if the user opts out: Users can't remain logged in.
The User Session Cookie (clientsite.com)
Name: __idr
Value: 1
Expiration: can be set in the publisher dashboard (Piano Identity Management configuration).
Purpose: The User Session Cookie is set when a user selects the option "Stay logged in" when signing in. The expiration depends on the value configured in the Piano Identity Management settings. Various browser restrictions and cookie rules affect the expiration as well.