Educatifu

Cookies and Storage

A plain-language inventory of browser storage.

Last updated: 12 July 2026

Public website

Normal public browsing does not currently set advertising, analytics, or cross-site marketing cookies and does not create an analytics identifier in local storage. First-party visit measurement is storage-free in the browser and is skipped when the browser sends Do Not Track.

Admin session cookie

Signing in to the private blog administration area sets edu_session. It is an essential, signed session cookie used to keep an administrator signed in and enforce roles. It is HTTP-only, uses SameSite=Lax, is marked Secure in production, applies to this website, and expires after 12 hours. Signing out removes it.

Maintenance preview cookie

When maintenance mode is enabled, an authorized operator can enter the separate maintenance token on the maintenance page. A valid entry sets m_bypass for eight hours so that operator can preview the website. The cookie stores a one-way digest, not the token itself. It is HTTP-only, uses SameSite=Strict, is marked Secure in production, and is not set during normal public browsing.

Current inventory

NameTypePurposeDuration
edu_sessionAdmin-only cookieAuthentication and role enforcement12 hours or sign-out
m_bypassConditional maintenance cookieAuthorized preview while maintenance mode is enabled8 hours or token rotation

Changes to storage

If analytics, embedded media, or another feature introduces additional browser storage, this inventory should be updated before that feature is released.