۶Ƶ

Cookie law compliance

Cookies are small files that are saved to the computer of each visitor to your site, and used as temporary holding places for information. Information that is saved in cookies is used to personalize the shopping experience, link visitors to their shopping carts, measure traffic patterns, and improve the effectiveness of promotions. To keep pace with legislation in many countries regarding the use of cookies, ۶Ƶ Commerce and Magento Open Source offer merchants a choice of methods to obtain customer consent. For a list of the default cookies in ۶Ƶ Commerce and Magento Open Source, the Cookie Reference.

NOTE
If you modify the default Google privacy settings to comply with the General Data Protection Regulation, it is not necessary to obtain user consent for the use of Google Analytics cookies.

When cookie restriction mode is enabled, visitors to your store are notified that cookies are required for full-featured operations. Depending on your theme, the message might appear above the header, below the footer, or somewhere else on the page. The message links to your privacy policy for more information, and encourages visitors to click the Allow button to grant consent. After consent is granted, the message disappears.

Your privacy policy) should include the name of your store and contact information, and explain the purpose of each cookie that is used by your store. To learn more, see Cookie Reference.

NOTE
If you change the URL key of the privacy policy, you must also create a custom URL rewrite to redirect traffic to the new URL key. Otherwise, the link in the Cookie Restriction Mode message returns 404 Page Not Found.

Example storefront - cookie restriction notice {width="600"}

  1. On the Admin sidebar, go to Stores > Settings > Configuration.

  2. In the left navigation panel under General, choose Web.

  3. Expand the Default Cookie Settings section and do the following:

    Web configuration - default cookie settings {width="600"}

    • Enter the Cookie Lifetime in seconds.

    • If you want to make cookies available to other folders, enter the Cookie Path. To make the cookies available anywhere in the site, enter a forward slash (/). This value can contain only the cookie path, and cannot contain any other cookie parameters.

    • To make the cookies available to a subdomain, enter the subdomain name in the Cookie Domain field (subdomain.yourdomain.com). To make cookies available to all subdomains, enter the domain name preceded by a period (.yourdomain.com). This value can contain only the cookie domain, and cannot contain any other cookie parameters.

    • To prevent scripting languages, such as JavaScript, from gaining access to cookies, make sure that Use HTTP Only is set to Yes.

    • Set Cookie Restriction Mode to Yes.

      If necessary, clear the checkbox and click OK to confirm scope switching.

  4. When complete, click Save Config.

  5. When prompted to update the cache, click the Cache Management link in the system message and refresh each invalid cache.

Step 2: Update your privacy policy

Update your privacy policy so that it reflects the information that your company collects and how it is used.

Default cookies

The default cookies in ۶Ƶ Commerce and Magento Open Source are classified as Exempt/Non-Exempt to help merchants meet the requirements of privacy regulations such as the GDPR. Merchants should use this information as a guide, and consult with legal advisors to update their Privacy and Cookie Policies as part of a comprehensive privacy regulation compliance strategy.

The following cookies are used by Commerce “out of the box” for on-premise and cloud installations. These cookies may be required by functionality that is explicitly requested by the customer. To learn more about the lifetime of session cookies, see Session Lifetime.

Some of these cookies may provide configuration options, including enable/disable, as needed.

Requested functionality cookies (exempt)

add_to_cart

۶Ƶ Commerce (۶Ƶ Commerce only) Captures the product SKU, name, price, and quantity removed from the cart. Allows Google Analytics to know when a product has been added to a cart.

guest-view

Links a guest order to a guest (because there is no account for guest).

login_redirect

Saves redirect URL to route user if successful login and user registration. Saves the page that a user was on prior to log in (to determine the location they will go back to after they log in).

mage-banners-cache-storage

۶Ƶ Commerce (۶Ƶ Commerce only) Stores banner content locally to improve performance. Banner content is any content that a merchant would display on their website.

mage-messages

Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper. There is not an option to disable this cookie. This is how one-time information is communicated to the user, such as error messages.

product_data_storage (local storage)

Stores configuration for product data used to use “Recently Viewed” and “Compare Products” functions. Stores a user’s specific settings (for example, if they have recently viewed a product or compared products).

recently_compared_product (local storage)

Stores product IDs of recently compared products.

recently_compared_product_previous (local storage)

Stores product IDs of previously compared products for easy navigation.

recently_viewed_product (local storage)

Stores product IDs of recently viewed products for easy navigation.

recently_viewed_product_previous (local storage)

Stores product IDs of recently viewed products for easy navigation.

remove_from_cart

۶Ƶ Commerce (۶Ƶ Commerce only) Allows Google Analytics to know when a product has been removed from a cart.

stf

Records the time messages are sent by the SendFriend (Email a Friend) module. When a shopper sends a link to a product, this cookie records a time-stamp and maintains a count.

X-Magento-Vary

Indicates when a new version of a page needs to be served from the cache. Supports website performance.

form_key

A security mechanism that holds a randomly generated value to prevent Cross Site Request Forgery attacks (CSRF) by helping determine whether a request came from a genuine source or a bad actor. This is an industry-standard practice to prevent CSRF attacks.

mage-cache-sessid

Useful in determining when to clean local storage in the browser after session expiry. This is used to determine if local storage has to be cleaned. The absence of this cookie triggers local storage cleanup.

mage-cache-storage

Local storage of visitor-specific content that enables e-commerce functions. Unused by default, but when it is used, it’s used to expedite checkout so that basic user information is available when someone leaves and returns.

mage-cache-storage-section-invalidation

Stores information related to which sections of the page need to be invalidated and removed.

persistent_shopping_cart

Stores the key ID of a persistent cart to make it possible to restore the cart for an anonymous shopper.

private_content_version

Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server. It is set in multiple places: in PHP, in JavaScript as a cookie, and in JavaScript to local storage.

section_data_ids

Stores customer-specific information related to shopper-initiated actions, such as wish list display and checkout information.

store

Tracks the specific store view/locale selected by the shopper.

mage-banners-cache-storage

۶Ƶ Commerce (۶Ƶ Commerce only) Local storage for Banner functionality. Banner means general website assets any information displayed to a shopper.

PHPSESSID

Tracks user sessions on the storefront. This is the shoppers who use the end-products.

admin

Tracks user sessions on the Admin side.

loggedOutReasonCode

Set when an Admin user is locked out after a certain number of unsuccessful password attempts.

section_data_clean

Set when a user switches store view. The presence of this cookie triggers JavaScript to reload certain sections on the page to reflect the correct store view.

lang

Set indirectly by the Admin Analytics module. Being used only in an administrative area of a store. Not applicable to shoppers.

s_fid

Set indirectly by the Admin Analytics module. Fallback unique visitor ID time/date stamp. It is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. Being used only in an administrative area of a store. Not applicable to shoppers.

s_cc

Set indirectly by the Admin Analytics module. It is set and read by the JavaScript code to determine if cookies are enabled. Being used only in an administrative area of a store. Not applicable to shoppers.

apt.sid

Set by the Gainsight PX library indirectly used by the Admin Analytics module. The purpose of this cookie is to allow persistent session ID tracking under the top-level domain of the product and is used as a reference ID to the active session. Being used only in an administrative area of a store. Not applicable to shoppers.

apt.uid

Set by the Gainsight PX library indirectly used by the Admin Analytics module. The purpose of this cookie is to allow persistent ID tracking under the top-level domain of the product and is used as a reference ID to the user entity. Being used only in an administrative area of a store. Not applicable to shoppers.

s_sq

Set indirectly by the Admin Analytics module. Used by the ClickMap feature that collects data on where visitors click and what they click. Stores information from each click. Being used only in an administrative area of a store. Not applicable to shoppers.

pagebuilder_modal_dismissed

Set by the Page Builder Module. Contains a flag that prevents subsequent prompts asking an admin to confirm a certain action from opening if the admin explicitly dismissed them before. Being used only in an administrative area of a store. Not applicable to shoppers.

pagebuilder_template_apply_confirm

Set by the Page Builder Module. Contains a flag that prevents subsequent prompts asking an admin to confirm a certain action from opening if the admin explicitly dismissed them before. Being used only in an administrative area of a store. Not applicable to shoppers.

accordion-{VARIABLE}-{VARIABLE}

Being used as a part of tabs functionality implementation only in an administrative area of a store. Not applicable to shoppers.

Product Recommendations cookies

۶Ƶ Commerce (۶Ƶ Commerce only) The following cookies are used by Product Recommendations for ۶Ƶ Commerce customers. These cookies are installed with the DataServices module.

  • mg_dnt: Allows you to restrict ۶Ƶ Commerce data collection if you have custom code to manage cookie consent on your site.
  • user_allowed_save_cookie: Used for cookie restriction mode.
  • authentication_flag: Indicates if a shopper has signed in or signed out. This cookie is updated at the same time as the dataservices_customer_id cookie.
  • dataservices_customer_id: Indicates if a shopper has signed in or signed out. This cookie contains the customer’s unique ID in the system.
  • dataservices_customer_group: Indicates a customer’s group. This cookie is stored as checksum of the customer’s group ID.
  • dataservices_cart_id: Identifies a shopper’s cart actions. This cookie contains the customer’s unique cart ID in the system.
  • dataservices_product_context: Identifies a shopper’s product interactions. This cookie contains the customer’s unique quote ID in the system.

Additional cookies

۶Ƶ Commerce (۶Ƶ Commerce only) The following cookies are set for ۶Ƶ Commerce customers. These cookies are installed with the DataServices module.

  • mg: Set by Snowplow JavaScript tracker. More information can be found in the .
  • com.adobe.alloy.getTld: Given the current web page’s hostname, this is the top-most domain that is not a “public suffix” as outlined in https://publicsuffix.org. Essentially, this is the top-most domain that can accept cookies. This cookie is part of the .
recommendation-more-help
31746fd0-1ead-45b5-9192-1aaf582c5f66