Page content:

...

| Cookie name | Duration | Description | Purpose |
|---|---|---|---|
| Google analytics | | | |
| __utma | 2 years from set/update | Used to distinguish users and sessions. The cookie is created when the JavaScript library executes and no existing __utma cookie exists. The cookie is updated every time data is sent to Google Analytics. | Tracks how many times (if any) you have visited the Trainee Information System (TIS) website. |
| __utmt | 10 minutes | Used to throttle request rate. | |
| __utmb | 30 minutes after your visit, or after 30 minutes of inactivity | Used to determine new sessions/visits. The cookie is created when the JavaScript library executes and no existing __utmb cookie exists. The cookie is updated every time data is sent to Google Analytics. | Tracks how long you have spent on the website. |
| __utmc | End of browser session | Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. | |
| __utmd | 6 months after it was last set | | Gives us information on how the site was reached (e.g. directly or a link, organic search or paid search) |
| __utmz | 6 months after it was last set | Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the JavaScript library executes and is updated every time data is sent to Google Analytics. | Identifies where you've come from, e.g. from a search engine or from another website |
| __utmv | 2 years from set/update | Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor-level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. | |
| Content experiments - cookie usage | | | |
| __utmx | 18 months | Used to determine a user's inclusion in an experiment | |
| __utmxx | 18 months | Used to determine the expiry of experiments a user has been included in | |
| Optimize 360 - cookie usage | | | |
| _gaexp | Depends on the length of the experiment but typically 90 days. | Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. | |
| Keycloak and application cookies <<Requires dev input>> | | | |
| AUTH_SESSION_ID | session | Used for sticky connections to an individual node in the Keycloak cluster | https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/clustering/sticky-sessions.adoc |
| KEYCLOAK_IDENTITY | session | JWT representing the user identity. | |
| KEYCLOAK_SESSION | 12hr | Keycloak's session token | |
| KC_RESTART | session | JWT containing the redirect information to determine where a user should be returned to after logging in. | |
| mod_auth_openidc | | | |
| mod_auth_openidc_state_ | session | Representation of the state of the current login | The "state" cookie is created when the user is redirected away to the OpenID Connect Provider for authentication. It is a cookie with a unique name (prefixed with a constant mod_auth_openidc_state_) that is tied to the state parameter that is sent in the authentication request. It is deleted when the user returns to the Apache server with an authentication response (indicating either success or failure) |
| mod_auth_openidc_session | session | mod_auth_openidc's session token | The "session" cookie is created after the user returns from the OpenID Connect provider with a successful authentication response (note that the state cookie is deleted at the same time) |
| Unknown | | | |
| dashBoardState | session | | |
| defaultLocale | 1 month | User's current locale | |
| session | session | Unique session identifier | |
| TIS Apps | | | |
| user | session | Cached user representation | |
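One way to keep this inventory honest is to compare the Set-Cookie headers a deployment actually sends against the table. The following is an added example, not part of the original page or of TIS code; the sample headers are constructed, and it assumes a month is 30 days, a year is 365 days, and _gaexp uses its typical 90 days.

```python
from http.cookies import SimpleCookie

DAY = 86400
# Documented lifetimes in seconds, transcribed from the table; None = session cookie.
# Assumptions: month = 30 days, year = 365 days, _gaexp = its "typical" 90 days.
INVENTORY = {
    "__utma": 730 * DAY, "__utmt": 600, "__utmb": 1800, "__utmc": None,
    "__utmd": 180 * DAY, "__utmz": 180 * DAY, "__utmv": 730 * DAY,
    "__utmx": 540 * DAY, "__utmxx": 540 * DAY, "_gaexp": 90 * DAY,
    "AUTH_SESSION_ID": None, "KEYCLOAK_IDENTITY": None,
    "KEYCLOAK_SESSION": 12 * 3600, "KC_RESTART": None,
    "mod_auth_openidc_session": None, "dashBoardState": None,
    "defaultLocale": 30 * DAY, "session": None, "user": None,
}
# The state cookie gets a unique suffix per login, so it is matched by prefix.
STATE_PREFIX = "mod_auth_openidc_state_"

# Constructed sample Set-Cookie header values (not captured from TIS).
SAMPLE = [
    "AUTH_SESSION_ID=abc123.node1; Path=/auth; HttpOnly",
    "KEYCLOAK_SESSION=tis/u1/s1; Max-Age=86400; Path=/auth",
    "mod_auth_openidc_state_Zx9Q=opaque; Path=/; HttpOnly",
    "defaultLocale=en-GB; Max-Age=2592000",
    "tracking_beta=1; Max-Age=60",
    "user=cached; Max-Age=3600",
]

def audit(headers):
    """Return (cookie name, finding) pairs for cookies that deviate from the table."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name not in INVENTORY and not name.startswith(STATE_PREFIX):
                findings.append((name, "undocumented"))
                continue
            allowed = INVENTORY.get(name)  # None also covers the state cookie
            age = int(morsel["max-age"]) if morsel["max-age"] else None
            if age is not None and age <= 0:
                continue  # Max-Age <= 0 deletes the cookie
            if allowed is None and (age is not None or morsel["expires"]):
                findings.append((name, "documented as session, but persistent"))
            elif allowed is not None and age is not None and age > allowed:
                findings.append((name, "outlives documented duration"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Only Max-Age is compared against the documented duration; a cookie that sets Expires alone is checked for persistence but not for length.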



Scenarios:


Process Name: PN1 - Trainees Accept/Decline Privacy Notice when logging in for the first time.

Description: Users should be able to Accept/Decline the Privacy Policy and Cookie Policy when logging in for the first time, either on a mobile or desktop.
Comment: Mobile design consideration to be discussed with Steve.

Actors: Trainee

Pre-Conditions: User is not logged in

Post-Conditions: System presents Privacy Notice & Cookie Policy with options to accept/decline

Process Steps:
  1. User navigates to TIS landing page (.../Admin/)
  2. User enters credentials and clicks on Login
  3. User is presented with the Privacy Notice
  4. User reads and Accepts/Declines
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and a relevant message with relevant support contact details is presented

Alternative Process: N/A

Rules:
  • Rule: User should not be authenticated to TIS if they do not accept the Privacy Notice
  • Error: Acceptance of the Privacy Notice is mandatory in order to access TIS functionality.

JIRA Reference: TISDEV-2969

Audit Log:
  • Who accepted/declined the Privacy Notice and when
  • Present audit log to all admins with view permissions



Process Name: PN2 - Non-trainees Accept/Decline Privacy Notice and Cookie Policy when logging in for the first time.

Description: Users should be able to Accept/Decline the Privacy Policy and Cookie Policy when logging in for the first time

Actors: Trainers, Educational Supervisors, Clinical Supervisors, TPDs

Pre-Conditions: User is not logged in

Post-Conditions: System presents Privacy Notice & Cookie Policy with options to accept/decline

Process Steps:
  1. User navigates to TIS landing page (.../Admin/)
  2. User enters credentials and clicks on Login
  3. User is presented with the Privacy Notice
  4. User reads and Accepts/Declines
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and a relevant message with relevant support contact details is presented

Alternative Process: N/A

Rules:
  • Rule: User should not be authenticated to TIS if they do not accept the Privacy Notice
  • Error: Acceptance of the Privacy Notice is mandatory in order to access TIS functionality.

JIRA Reference: TISDEV-2969

Audit Log:
  • Who accepted/declined the Privacy Notice and when
  • Present audit log to all admins with view permissions



Process Name: PN3 - Users should be able to access and read the Privacy and Cookie Policy via a hyperlink at all times

Description: Users should be able to access and read the Privacy & Cookie Policy at all times.
Note: This could be via a hyperlink in the header/footer of the TIS site, visible at all times. This link should not provide the options to accept/decline but just the content.

Actors: All users

Pre-Conditions: User is logged in or not logged in

Post-Conditions: Privacy and Cookie Policy can be accessed and read

Process Steps:
  1. User sees the Privacy and Policy link on TIS
  2. User clicks on the link and reads the content
  3. User can close the Privacy Notice (e.g. if it is in the form of a modal pop-up) and return to where they were on TIS.

Alternative Process: N/A

Rules:
  • Rule: The Privacy Notice & Cookie Policy should not require authentication for a user to be able to access and read it.

JIRA Reference: TISDEV-2969

Audit Log: N/A