You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|[CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (team domain) |[JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity ands enables Access to perform single sign-on (SSO) | If [global session duration](/cloudflare-one/identity/users/session-management/#global-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes | None | Yes |
40
-
|[CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (Access application domain) |[JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the domain protected by Access, used to confirm that the user has been authenticated and is authorized to reach the origin | If [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Admin choice (Default: No) | Admin choice (Default: None) | Yes |
41
-
| CF_Binding | Refer to [Binding cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie)| If [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes | None | Optional |
42
-
| CF_Session |[CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name)| 4 hours | Yes | None | Required |
43
-
| CF_AppSession |[CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used per application domain, scoped to individual applications behind Access | 24 hours | Yes | None | Required |
35
+
The following Access cookies are essential to Access functionality. Cookies that are marked as required cannot be opted out of. These cookies are not used for tracking or analytics.
|[CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (team domain) |[JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity ands enables Access to perform single sign-on (SSO) | If [global session duration](/cloudflare-one/identity/users/session-management/#global-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes | None | Yes |
40
+
|[CF_Authorization](/cloudflare-one/identity/authorization-cookie/#access-jwts) (Access application domain) |[JSON web token (JWT)](https://www.cloudflare.com/learning/access-management/token-based-authentication/) set on the domain protected by Access, used to confirm that the user has been authenticated and is authorized to reach the origin | If [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Admin choice (Default: None) | Admin choice (Default: None) | Yes |
41
+
| CF_Binding | Refer to [Binding cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie)| If [policy session duration](/cloudflare-one/identity/users/session-management/#policy-session-duration) is set, adheres to that.<br/><br/> If not, adheres to the [application session duration](/cloudflare-one/identity/users/session-management/#application-session-duration).<br/><br/> If neither are set, defaults to 24 hours. | Yes | None | Optional |
42
+
| CF_Session |[CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name)| 4 hours | Yes | None | Required |
43
+
| CF_AppSession |[CSRF](https://www.cloudflare.com/learning/security/threats/cross-site-request-forgery/) token used per application domain, scoped to individual applications behind Access | 24 hours | Yes | None | Required |
44
+
| CF_Device | Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/identity/one-time-pin/)| 30 days | Yes | Strict | Required |
0 commit comments