[CF1] access cookies table format (#23589)

deadlypants1973 · thomasgauvin · commit 081fe204c241 · 2025-08-15T16:52:26.000-04:00
* [CF1] access cookies table format

* remix format
diff --git a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
@@ -12,7 +12,7 @@ When you protect a site with Cloudflare Access, Cloudflare checks every HTTP req
 
 ## Access JWTs
 
-The `CF_Authorization` cookie contains the user's identity in the form of a JSON Web Token (JWT). Cloudflare securely creates these tokens through the OAUTH or SAML integration between Cloudflare Access and the configured identity provider.
+The `CF_Authorization` cookie contains the user's identity in the form of a [JSON Web Token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/). Cloudflare securely creates these tokens through the OAUTH or SAML integration between Cloudflare Access and the configured identity provider.
 
 Access generates two separate `CF_Authorization` tokens depending on the domain:
 
@@ -32,14 +32,41 @@ If the Access application has more than five domains, Access will not preemptive
 
 The following Access cookies are essential to Access functionality. Cookies that are marked as required cannot be opted out of. The following cookies are not used for tracking or analytics.
 
-| Cookie                                                                                                     | Details                                                                                                                                                                                                                                                                                                                 | Expiration                                                                                                                                                                                                                                                                                                                  | HttpOnly                     | SameSite                     | Required? |
-| ---------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------- | --------- |
-| [CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (team domain)               | [JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the `cloudflareaccess.com` [team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity and enables Access to perform single sign-on (SSO) | If set, adheres to [global session duration](/cloudflare-one/identity/users/session-management/#global-session-duration).<br/><br/> If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes                          | None                         | Required  |
-| [CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (Access application domain) | [JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the domain protected by Access that allows Access to confirm that the user has been authenticated and is authorized to reach the origin                                                                | If set, adheres to [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration).<br/><br/> If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Admin choice (Default: None) | Admin choice (Default: None) | Required  |
-| CF_Binding                                                                                                 | Refer to [Binding cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie)                                                                                                                                                                                                                                | If set, adheres to [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration).<br/><br/> If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes                          | None                         | Optional  |
-| CF_Session                                                                                                 | [CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used on the `cloudflareaccess.com` [team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name)                                                                                                | 4 hours                                                                                                                                                                                                                                                                                                                     | Yes                          | None                         | Required  |
-| CF_AppSession                                                                                              | [CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used per application domain, scoped to individual applications behind Access                                                                                                                                             | 24 hours                                                                                                                                                                                                                                                                                                                    | Yes                          | None                         | Required  |
-| CF_Device                                                                                                  | Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/identity/one-time-pin/)                                                                                                                                                                                     | 30 days                                                                                                                                                                                                                                                                                                                     | Yes                          | Strict                       | Required  |
+### CF_Authorization (team domain)
+
+| Details                                                                                                                                                                                                                                                                                          | Expiration                                                                                                                                                                                                                                                                                                                                                          | HttpOnly | SameSite | Required? |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
+| [JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the `cloudflareaccess.com` [team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity and enables Access to perform single sign-on (SSO) | <details><summary>View</summary>If set, adheres to [global session duration](/cloudflare-one/identity/users/session-management/#global-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes      | None     | Required  |
+
+### CF_Authorization (Access application domain)
+
+| Details                                                                                                                                                                                                                           | Expiration                                                                                                                                                                                                                                                                                                                                                          | HttpOnly                     | SameSite                     | Required? |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------- | --------- |
+| [JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the domain protected by Access that allows Access to confirm that the user has been authenticated and is authorized to reach the origin | <details><summary>View</summary>If set, adheres to [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Admin choice (Default: None) | Admin choice (Default: None) | Required  |
+
+### CF_Binding
+
+| Details                                                                                  | Expiration                                                                                                                                                                                                                                                                                                                                                          | HttpOnly | SameSite | Required? |
+| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
+| Refer to [Binding cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie) | <details><summary>View</summary>If set, adheres to [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes      | None     | Optional  |
+
+### CF_Session
+
+| Details                                                                                                                                                                                                                  | Expiration | HttpOnly | SameSite | Required? |
+| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | -------- | -------- | --------- |
+| [CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used on the `cloudflareaccess.com` [team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) | 4 hours    | Yes      | None     | Required  |
+
+### CF_AppSession
+
+| Details                                                                                                                                                                     | Expiration | HttpOnly | SameSite | Required? |
+| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | -------- | --------- |
+| [CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used per application domain, scoped to individual applications behind Access | 24 hours   | Yes      | None     | Required  |
+
+### CF_Device
+
+| Details                                                                                                                             | Expiration | HttpOnly | SameSite | Required? |
+| ----------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | -------- | --------- |
+| Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/identity/one-time-pin/) | 30 days    | Yes      | Strict   | Required  |
 
 ## Cookie settings
 
