# Cookie Information

## Cookies set by iPaper

The following cookies are set when visiting a flipbook on the iPaper platform, we put high effort into ensuring that we follow best practices and actions that could be categorized differently unless the user gives consent.

<table><thead><tr><th width="285">Name</th><th width="161">Value</th><th width="238">Purpose</th><th width="117">SameSite</th><th width="110">HttpOnly</th><th>Secure</th><th width="118">Category</th><th>Expiry</th></tr></thead><tbody><tr><td>ASP.NET_SessionId</td><td>Unique random string</td><td>Session cookie to ensure that the visitor is given access to the respective flipbook, and it's needed assets.</td><td>None</td><td>True</td><td>True</td><td>Strictly necessary</td><td>Session</td></tr></tbody></table>

### Why does the `ASP.NET_SessionId` have SameSite: None?

To ensure our system works correctly when embedded in an iframe or app, we explicitly allow our session cookie to be read by other domains.

If we were to change this, things such as basket content, wouldn't be persisted between page refreshes.

## Cookie categories

If you enable the iPaper cookie banner, or you are using a 3rd party consent management platform through our integration option, this is how the four categories of cookies affect the iPaper solution. Note that we only ever set the cookies defined under “Cookies set by iPaper”, however, their use changes depending on the cookie permissions granted by the user.

### Strictly necessary

This category is always allowed and makes sure the basic iPaper experience works. This is what ensures products stay in the basket and that basic features in the Flipbook works.

### Performance

If we do not get the performance permission, iPaper only tracks basic statistics that are not correlated with the actual session in any way. This is data such as PDF downloads, logo clicks, time of day, etc. With the performance permission granted, iPaper furthermore also tracks page views & time spent.

### Functionality

This category has no impact on the iPaper solution and is only there for future proofing.

### Advertising

All iPaper integrations are disabled if we do not get advertising permission. This includes Google Analytics, Google Tag Manager, Facebook and other integrations.

## Technologies used

As mentioned above in the [#cookies-set-by-ipaper](#cookies-set-by-ipaper "mention") section, we use cookies for storing sessions.

When it comes to the storage of the current cookie category consent given, this is currently stored in [localStorage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage). This is however subject to change and could in the future be moved to use a different technology if we deem it more suitable. The technology used may also differ dependent on the browser used.

The stored item in localStorage follows the naming scheme `userCookieConsent_[LicenseID]_[CookieBannerType]` and has a value consisting of an object with the following properties:

<table><thead><tr><th>Name</th><th width="240.33333333333331">Value</th><th>Purpose</th></tr></thead><tbody><tr><td><code>shouldAllowPerformanceCookies</code></td><td><code>boolean</code></td><td>Determines if user has consented to "Performance" cookies</td></tr><tr><td><code>shouldAllowFunctionalCookies</code></td><td><code>boolean</code></td><td>Determines if user has consented to "Functional" cookies</td></tr><tr><td><code>shouldAllowAdvertisingCookies</code></td><td><code>boolean</code></td><td>Determines if user has consented to "Advertising" cookies</td></tr><tr><td><code>expires</code></td><td><code>date</code></td><td>Date when the stored item will expire</td></tr></tbody></table>

{% hint style="info" %}
**Note:**

Please do not attempt to manipulate/update this localStorage value manually, but instead rely on the [JS API for updating consent](https://docs.ipaper.io/flipbook-javascript-api/commands-and-events/consent).
{% endhint %}