You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -101,8 +101,8 @@ The following Access cookies are essential for core functionality and cannot be
101
101
|`CF_Authorization` (cloudflareaccess.com) | JWT stored on the team domain (`<>`) to keep users logged into Access across apps | Set by customer; supports org-wide login | Yes | None |
102
102
|`CF_Authorization` (customer domain) | JWT stored on the app domain that grants access to that specific app | Set by customer | Customer choice (default: No) | Customer choice (default: None) |
103
103
|`CF_Binding`| Optional cookie that protects against session hijacking by binding the token to a browser instance; never sent to origin | Matches app session | Yes | None |
104
-
|`CF_Session`| CSRF token used on the team domain (`cloudflareaccess.com`) | 4 hours | Yes | None |
105
-
|`CF_AppSession`| CSRF token used per app domain, scoped to individual apps | 24 hours | Yes | None |
104
+
|`CF_Session`|A CSRF prevention token used on the team domain (`cloudflareaccess.com`) | 4 hours | Yes | None |
105
+
|`CF_AppSession`|A CSRF prevention token used per app domain, scoped to individual apps | 24 hours | Yes | None |
106
106
|`CF_Device`| Device identification cookie used to maintain posture checks and tie sessions to devices, typically with WARP | Varies | Yes | Lax |
107
107
|`CF_Meta_<aud>`| Metadata cookie that stores app-specific context or audience info; used internally for session management and debugging | Unknown | Yes | None |
0 commit comments