Legal
Cookie Declaration
This table lists active cookies and related storage technologies currently used in SaaS Foundations Demo.
- Effective date:
- February 24, 2026
- Last updated:
- February 25, 2026
No optional categories are currently active in this release. The table still includes required technologies needed for core service operation.
| Category | Required | Service | Identifier key | Storage type | Provider | Party | Duration | Purpose |
|---|---|---|---|---|---|---|---|---|
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | __Host-authjs.csrf-token | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session (secure context only) | Secure CSRF token variant used in HTTPS contexts. |
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | __Secure-authjs.callback-url | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session (secure context only) | Secure callback URL variant used in HTTPS contexts. |
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | __Secure-authjs.session-token | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session (secure context only) | Secure session token variant used in HTTPS contexts. |
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | authjs.callback-url | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session | Stores the post-authentication return URL for Auth.js flows. |
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | authjs.csrf-token | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session | Protects Auth.js form submissions against cross-site request forgery. |
| Necessary | Yes | Authentication and session security Keeps signed-in sessions secure and maintains core account access. | authjs.session-token | Cookie | SaaS Foundations Demo (Auth.js) | First-party | Session (rotated while active) | Maintains authenticated session state for signed-in users. |
| Necessary | Yes | Cookie preference state and replay reliability Stores consent choices and reliability metadata used for replay and cross-tab sync. | sf_consent | Cookie | SaaS Foundations Demo | First-party | 180 days | Persists cookie consent state, consent context ID, and consent version. |
| Necessary | Yes | Cookie preference state and replay reliability Stores consent choices and reliability metadata used for replay and cross-tab sync. | sf-consent-audit-queue:v2 | Local storage | SaaS Foundations Demo | First-party | Up to 7 days (auto-pruned) | Temporarily stores signed replay tokens when audit persistence must retry. |
| Necessary | Yes | Cookie preference state and replay reliability Stores consent choices and reliability metadata used for replay and cross-tab sync. | sf-consent-sync-event | Local storage | SaaS Foundations Demo | First-party | Ephemeral (overwritten on updates) | Broadcasts consent updates across tabs when BroadcastChannel fallback is needed. |
| Necessary | Yes | Signup abuse prevention Protects signup flow from automated abuse with security checks. | cf-turnstile-response | Token / request | Cloudflare Turnstile | Third-party | Single request / short-lived challenge | Validates that signup requests are human and mitigates abuse. |
| Necessary | Yes | Theme preference Stores light/dark/system preference for accessibility and UX continuity. | theme | Cookie | SaaS Foundations Demo | First-party | 1 year | Persists display theme preference across visits. |
| Necessary | Yes | Theme preference Stores light/dark/system preference for accessibility and UX continuity. | theme | Local storage | SaaS Foundations Demo | First-party | Persistent until changed or cleared | Allows theme resolution before hydration and across sessions. |