The following policy relates to the Oxford City Council Tenant Portal (add URL).
Introduction
Cookies are small text files that are placed on your device (like a computer or smartphone) by websites that you visit. They are widely used to make websites work more efficiently, as well as to provide information to the owners of the site. Here are key aspects of how cookies function and their purpose:
Storage of Information: Cookies typically contain information about your website visit, which might include your preferences, login status, and which pages you visited. The website, or a third-party service it uses, can then retrieve this information on your next visit to provide a personalized experience.
Essential Cookies: Necessary for the operation of the website. They include, for example, cookies that enable you to log into secure areas.
Performance Cookies: Collect information about how you use a website, like which pages you visited, and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized.
Functionality Cookies: Allow the website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features.
Advertising Cookies: Used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaigns.
Privacy and Regulation: The use of cookies raises concerns about privacy, especially regarding the tracking of user behaviour across the internet. Laws in many regions, like the GDPR in the European Union, require websites to obtain consent from users before placing cookies that are not strictly necessary for the operation of the site.
Types of Cookies:
Session Cookies: These are temporary cookies that remain in your browser’s cookie file only for the duration of your visit and are deleted when you close the browser. They help websites remember what you did on previous pages, preventing the need to re-enter information.
Persistent Cookies: These remain in your browser for a period specified in the cookie and are activated each time you visit the website that created that particular cookie. These are used for remembering your preferences and making subsequent visits faster and more personalized.
First-Party Cookies: Set by the website you are visiting directly and are often used to remember your settings as you move between pages or to maintain sessions if you log in.
Third-Party Cookies: Placed by a domain other than the one you are visiting, often used for tracking and online-advertising purposes.
Product Cookies
Cookie Name and type | Description | Domain | Lawfulness of processing |
---|---|---|---|
AspNetCore.Antiforgery. - Essential | Anti-forgery token used to prevent cross-site request forgery (CSRF) attacks. | General | |
ClientIdToken - Essential | Identifies a device for verification in multi-factor authentication (MFA) flows. | General | |
Idsrv - Essential | Identity cookie for the Security Token Service (STS), indicating if a user has already signed in. | STS | |
idsrv.session - Essential | Session cookie for the STS. | STS | |
ASLBSACORS, ASLBS - Essential | Used by Azure Front Door service for sticky sessions to ensure requests from the same session are sent to the same server. | Azure Hosting Specific | |
orchantiforgery_[Unique] - Essential | Anti-forgery token similar to the general AspNetCore token, specific to the CRM web portal to prevent CSRF attacks. | CRM Web Portal | |
AspNetCore.Correlation.oidc.[Unique] - Essential | Supports the OpenID Connect authentication flow, helping to correlate authentication requests between portals. | CRM Web Portal | |
AspNetCore.OpenIdConnect.Nonce.[Unique] - Essential | Helps maintain the security of the OpenID Connect authentication flow by preventing replay attacks. | CRM Web Portal | |
360.web.app[CN] - Essential | Identity cookie for the CRM web portal, identifying logged-in users. | CRM Web Portal | |
AspNetCore.Session - Essential | Session cookie for the CRM web portal, maintaining user session state. | CRM Web Portal | |
Aareon UK Cookie Usage Summary
Aareon UK employs a variety of essential cookies to enhance the functionality and security of its customer portal and related services. These cookies are crucial for maintaining session integrity, enhancing user authentication, preventing security threats, and ensuring that user preferences and session states are consistently managed across the platform. Below is a breakdown of the types of cookies used and their purposes:
Security and Authentication Cookies
AspNetCore.Antiforgery and orchantiforgery_[Unique] are used to prevent cross-site request forgery (CSRF) attacks, ensuring that requests made to the portal are genuine and originate from authenticated users.
ClientIdToken and idsrv are critical for verifying user identities, especially in scenarios involving multi-factor authentication (MFA) and secure login processes.
Session Management Cookies
idsrv.session and AspNetCore.Session are essential for maintaining user sessions within the Security Token Service (STS) and the CRM web portal, respectively. These cookies ensure that a user's session remains active and secure throughout their interaction with the portal.
ASLBSACORS and ASLBS are employed by Azure Front Door service to manage sticky sessions, which help in routing requests from the same session to the same server consistently, thereby enhancing load balancing and user experience.
Functionality and Performance Cookies
AspNetCore.Correlation.oidc.[Unique] and AspNetCore.OpenIdConnect.Nonce.[Unique] support the OpenID Connect authentication process, improving security by correlating authentication requests and preventing replay attacks.
Identity Verification Cookies
360.web.app[CN] specifically identifies logged-in users on the CRM web portal, pivotal for personalizing user interactions and maintaining secure and tailored experiences.
Each of these cookies plays a vital role in the smooth operation of Aareon UK's web services, which makes them essential cookies that cannot be opted out of. They are implemented to ensure that the functionality required for secure, efficient, and user-friendly navigation is maintained. The cookies are categorized based on their function, ranging from security enhancement to performance analytics, and are strictly managed in compliance with relevant data protection and privacy regulations.
Essential Cookie Usage and Opt-Out Exemption
The cookies detailed in the documentation are classified as essential due to their critical roles in enabling fundamental functionalities and enhancing the usability of the platforms. These cookies are integral to the following aspects:
User Authentication and Security
Cookies like auth_token and SID are vital for securely verifying user identities during a session. They help in maintaining secure logins and protecting user data from unauthorized access.
Session Management
Cookies such as ct0 and AspNetCore.Session ensure that users' session states are maintained across page requests. This is crucial for a consistent and secure user experience, particularly when engaging in processes that involve multiple stages or require login.
User Preferences
Cookies like personalization_id and d_prefs store user preferences, including language and accessibility options, which are essential for providing a personalized experience. These settings allow the platforms to operate in accordance with user needs and preferences.
Service Functionality
Several cookies, including guest_id and NID, are used to enable and support the operational functionality of the platforms. They ensure that services like content loading and data processing occur without interruption, which is fundamental to the core services offered.
Due to their fundamental roles, opting out of these cookies would significantly impede the functionality of the platforms, leading to a diminished user experience and potentially rendering critical services non-functional. These cookies do not track users across third-party websites and are limited to essential operational functions, thereby aligning with privacy and data protection standards that allow for such essential cookies to be exempt from the opt-out processes.