Product Cookies
Find information on cookie definitions of those Egress Software implements, and acceptance or denial of these mechanisms.
What is a cookie?
A cookie is a small text file that contains a small amount of information and is downloaded to your device when you log into and use our products and services.
We use them for tracking and strictly necessary purposes.
What if you do not want to accept the cookies that we use?
If you choose to block or restrict the cookies set by our products and services, you will not be able to use the service or they will not function normally.
What cookies do we use?
The following are all first party cookies, set by us.
Protect (reader.egress.com) Web Reader
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
ASP.NET_SessionID |
Expires on sign out or closing browser |
To associate user activity with a particular logged in user |
Product and service will not work at all (you cannot sign in) |
|
eoc2<guid> |
30 days |
Allows a particular browser to access message history |
No message history will be displayed |
|
waoptions |
365 days |
Contains various persistent web access settings, including a unique reference that identifies the recipient of secure emails and their browser |
No significant effect but, for example,: (i) the intro page will be shown to you on each visit; (ii) the cookie banner will always show up; and (iii) a recipient rejecting it will need to authenticate through web-reader each time to access a secure email’s Content |
|
ai_session |
1 day |
User metrics |
None |
|
ai_user |
10 months |
User metrics |
None |
|
__RequestVerificationToken |
Session |
Form and button operations |
Certain forms / buttons on the website will stop working, and will be seen as XSS. |
Defend Admin Portal (including HRM)
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
AWSALB |
7 days |
AWS ELB application load balancer |
Performance degradation or service will not be available |
|
AnnouncementCookie |
Session |
Captures whether announcements have been read or should appear to user on logon |
Users will see what’s new notifications upon logon |
|
AWSALBCORS |
7 days |
This cookie is managed by AWS and is used for load balancing. AspNetCore.Cookies |
Performance degradation or service will not be available |
|
.AspNetCore.Cookies |
7 hours |
To keep a logged on session open |
Unable to login |
Secure Workspace
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
mfaModal Displayed |
10 years |
Remember if the user has read initial information presented for MFA |
MFA info will show every time |
|
session |
Session |
User identification between requests |
Product and service will not work at all |
|
lastFileinboxView |
360 days |
Remember when the user last checked the file inbox to decide on notifications |
User will be notified about all historical file inbox items |
|
lastLoginServer |
31 days |
Remember the authentication server used, to prioritise at top of selection list |
User will always see default ordering of login servers |
|
qs_id |
Session |
Allows access to anonymous quickshare links that are protected by policy |
Access will be denied |
Secure Web Form
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
.EgressSecureForms.Authentication |
Session |
if the form uses makes the user log into ESI / SDX first this cookie is there to tell the product they are logged in / authenticated. We use this to temporarily save data as a customer fill in the form usually on big forms that take days to fill out |
Incomplete forms will have to start over from the beginning. |
|
.EgressSecureForms.Culture |
Session |
Tracks what language and locale the users' browser or computer is using which can help default the language the form uses when a form that offers itself in multiple languages |
User locales and language settings will not be applied to the session |
|
.ESI.Nonce |
During authentication |
To enable login where authentication is required |
Unable to authenticate and use form |
|
.ESI.WebTicket |
During authentication |
To enable login where authentication is required |
Unable to authenticate and use form |
| .AspNetCore.Antiforgery.xxxxxxxx |
Session |
Prevents unauthorized actions on our forms by ensuring that any requests made are genuine and not from a malicious source. |
Form unable to verify that your requests are legitimate, and would therefore reject the request. |
| ASLBSA |
Session |
Ensures that your interactions with our form are smooth and consistent. Helps maintain "session affinity," meaning they ensure that your requests are always forwarded to the same server during your session |
Without these cookies, your session might be disrupted, leading to potential issues like being logged out unexpectedly and/or failing to upload files. |
| ASLBSACORS |
Session |
Portal Analytics (including HRM)
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
tnpSession |
4 hours |
Contains user’s session ID. Set and removed each time the user logs in/logs out |
The user will not have a valid session and therefore will not be able to use the site |
|
acceptedDataPrivacyPolicy– [userId] |
91 days |
Checks whether the user has accepted the data privacy warning |
The user will have to accept the data privacy notice each time they log-in |
|
acceptedCookieUsage-[userId] |
91 days |
Checks whether the user has clicked “accept” on the cookie banner |
The cookie notice will appear each time the user uses the site |
|
.AspNetCore.Cookies.UK |
Session |
Delivers the user menu |
The user menu will present an error and not be able to use the service. |
Respond*
|
Cookie |
Duration |
Description |
Impact if blocked or rejected |
|---|---|---|---|
|
ASP.NET_SessionID |
Expires on sign out or closing browser |
To associate user activity with a particular logged in user |
Product and service will not work at all (you cannot sign in) |
|
ASP.NET_SessionID |
365 days |
Remember the default state of user interface components |
User interfaces will revert to the default settings |
* Respond is provided for a customer’s internal use only and withdrawn from sale.
Captcha
We offer our customers two options when we develop a Secure Webform for them. They can choose to deploy either Google reCAPTCHA or our captcha tool.
Google reCAPTCHA
Google’s reCAPTCHA helps protect against cyber spam and abuse. Google reCAPTCHA deploys a token to your device which sends information to the Google API about your hardware and software information (e.g. device and application data and the results of integrity checks) and sending that data to Google for analysis. This data may include other information about the cookies placed by Google over the last 6 months, how many mouse clicks you made on the screen (or touches if on a touch device), the CSS information for that page, the date, the browser language, plug-ins installed on your browser and Javascript objects. This information will be used by Google for improving the reCAPTCHA tool and for general security purposes.
Our systems simply receive a yes/no type answer from Google before proceeding or rejecting your submission. No information about you is collected by us.
Our own captcha tool
If our own captcha system is deployed then it simply checks whether the details entered match and then our systems either proceed or reject your submission. No information about you is collected by us.
Do we use anything similar to a cookie?
Yes, our desktop plug-ins and mobile apps will recognise you and your device in order to ensure that your plug-in, device and app are able to be correctly authenticated by our systems. These provide essential operations in order to enable you to use these free-to-download tools. Our systems do not obtain any other information about you from this functionality.
When was this policy last updated?
24 July 2024
Added Webforms and Protect cookie descriptions