We’ve migrated our documentation to a new site, which means some URLs have changed.
Subscriptions

Identity Management Cookies

For the purposes of properly recognizing users when they return to our clients' sites or respond to their campaigns, Piano sets several cookies. This document fully describes those persistent Piano Identity Management (ID) first-party cookies and their uses.

Overview

NAME

TYPE & CATEGORY

LIFETIME

OBJECT

PURPOSE

USER OPT-OUT EFFECT

PROCESSING PARTY

__utp

Cookie (Mandatory)

2 years by default. Can be extended or reduced.

The User Token Cookie

See here.

See here.

2*

__pil

Cookie (Essential)

30 days

Contains the selected PianoID language locale.

Used to set the preferred language for the Piano templates. Value for example: de_DE. If not available, VX's LANG cookie is used.

Language settings set in Piano templates can't be saved.

2

__pid

Cookie (Mandatory)

30 days

Domain cookie. Used as the domain in cookies’ default options.

Contains the URL of the domain received on the front end where the cookie is set. Is used as a domain for other cookies (incl. __utp, __idr, __tae) Example value: .piano.io

Cookies will be set at the level at which a user is logged in. If the user is logged in to a subdomain, then he will not be authorized on the main domain.

2

__idr

Cookie (Essential)

2 years by default. Can be extended or reduced.

Sets if the "Stay logged in" checkbox is checked on the login form. Used to set __utp cookie expiration date (session or default).

See here.

Nothing (deprecated).

2

__eea

Cookie (Essential)

30 days

Extends the expired access cookie.

Used to determine if the user token (stored in __utp) needs to be refreshed with the new expiration automatically every 24 hours.

User sessions are not prolonged after the token expiration.

2

__code

Cookie (Mandatory)

Session

Contains code that was returned after ID OAuth authorization.

Used for ID OAuth authorization and contains a random string.

ID OAuth stops to work.

3*

[AID]__eea

Cookie (Essential)

6 months

Same as __eea, but on the Piano Identity Management domain.

Used to determine if the user token (stored in __utp) needs to be refreshed with the new expiration automatically every 24 hours.

User sessions are not prolonged after the token expiration.

3

p_[PARENT_AID]

Cookie (Essential)

2 years by default. Can be extended or reduced.

Set after login if an app is in Global Mode.

Used for SSO. Contains the AID of the parent application of a global mode organization.

SSO stops working if [AID]__ut is also removed.

3

p_[PARENT_AID]__ut

Essential (Cookie)

2 years by default. Refreshes on login.

Piano Identity Management user token for the parent AID in Global Mode.

The Global Mode parent-AID variant of the user-token cookie stored on the Piano domain, analogous to [AID]__ut. Enable cross‑app SSO and silent auth from Piano domain.

SSO and silent auth stop, user must re‑login per app.

2

[AID]__ut

Essential

2 years by default. Can be extended or reduced.

Contains __utp cookie value but set on the Piano domain.

If there are no __utp or __ut cookies, our frontend calls the backend for a [AID]__ut cookie to get more details about a user's session.

Silent auth will not work in case when __utp was removed.
SSO stops working if p_[PARENT_AID] also was removed.

3

[AID]__idr

Optional

30 days

Contains __idr value but set on the Piano domain.

See here.

Nothing (deprecated).

3

piano-id-initial-gm-sso-shown-AID

Local Storage (Mandatory)

30 days

The GM-SSO within the Local Storage entry stands for Global Mode Single Sign-on, and if its value reverts to true (1), it means that Global Mode SSO for Piano Identity Managment is configured on the Application ID (AID) included in the name.

The purpose of this item containing a string is to keep users logged in to sub-applications and ensure cross-application access.

SSO confirmation screen will be shown on each user visit.

2

pnid-tc-string

Local Storage (Optional)

-

 Stores tcf string for the integration with LiveRamp.

Used for storing the LiveRamp token for a duration of 24 hours.

LiveRamp token will be generated for each page opening. Now it is caching for 24 hours.

2

*1 = first-party cookies (managed by publishers), 2 = first-party cookies (managed and set by Piano), 3 = third-party cookies.

Name: __utp

Value: JSON web token of the user. 

Expiration:  The cookie is session-based by default, but if a user selects the option "Stay logged in" when signing in, the user token expiration depends on the value configured in the Piano Identity Management settings. Various browser restrictions and cookie rules affect the expiration as well.

Purpose: This cookie represents a logged-in user's session and stores relevant details about the user. By default, it is set on the top-level domain, but we can configure it to be set on a specific domain or subdomain if required. If you have any further questions, please contact support@piano.io. The cookie securely stores encrypted user information, such as first name, last name, email, UID, associated AID, and login & expiration timestamps. Additional custom fields can be requested based on the user's provider selection or specific client requirements.

What happens if the user opts out: Users can't remain logged in.

Name: __idr

Value: 1 

Expiration: can be set in the publisher dashboard (Piano Identity Management configuration).

Purpose: The User Session Cookie is set when a user selects the option "Stay logged in" when signing in. The expiration depends on the value configured in the Piano Identity Management settings. Various browser restrictions and cookie rules affect the expiration as well.

Last updated: