Public website
Normal public browsing does not currently set advertising, analytics, or cross-site marketing cookies and does not create an analytics identifier in local storage. First-party visit measurement is storage-free in the browser and is skipped when the browser sends Do Not Track.
Admin session cookie
Signing in to the private blog administration area sets edu_session. It is an essential, signed session cookie used to keep an administrator signed in and enforce roles. It is HTTP-only, uses SameSite=Lax, is marked Secure in production, applies to this website, and expires after 12 hours. Signing out removes it.
Maintenance preview cookie
When maintenance mode is enabled, an authorized operator can enter the separate maintenance token on the maintenance page. A valid entry sets m_bypass for eight hours so that operator can preview the website. The cookie stores a one-way digest, not the token itself. It is HTTP-only, uses SameSite=Strict, is marked Secure in production, and is not set during normal public browsing.
Current inventory
| Name | Type | Purpose | Duration |
|---|---|---|---|
| edu_session | Admin-only cookie | Authentication and role enforcement | 12 hours or sign-out |
| m_bypass | Conditional maintenance cookie | Authorized preview while maintenance mode is enabled | 8 hours or token rotation |
Changes to storage
If analytics, embedded media, or another feature introduces additional browser storage, this inventory should be updated before that feature is released.