Page content:
Next steps:
- Decide on the content of the Privacy Notice and cookie policy. Include all cookies in use on TIS in the content of the Privacy & Cookie Policy.
- To be discussed with Steven Pettengell (Unlicensed): Some level of design work may be required with regards to where and how it needs to be displayed with options to accept/decline for users who are logging in first time. We need to consider mobile design for trainees as well as desktop design for non-trainees.
- Raise tickets and walk through with dev.
Scope:
- Trainee Accept/Decline Privacy Notice when logging in for the first time.
- Non-logged in trainee Accept/Decline Cookie Policy first visit to TIS site
- Logged in trainee view Privacy Notice via a hyperlink
- Non-logged in non-trainee Accept/Decline Privacy Notice first time
- Non-logged in non-trainee Accept/Decline Cookie Policy first visit to TIS site
- Logged in non-trainee view Privacy Notice via a hyperlink
Privacy & Cookie Policy Content:
DRAFT - Please note that Chris Brady (Data Protection Lead) is currently working on a revised version of the Privacy Notice & Cookie Policy content for the HEE domain and will supply the signed off version when ready. However, for TIS we need an adapted version of this to be explicit, especially with regards to the specific cookies in use.
- Privacy Policy content:
https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies
- Cookie Policy content to be extended to have the following:
TIS uses Google Analytics, the following cookies are used out of the box:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
In addition to the above cookies we also need to include the Keycloak session and application cookies used. (To speak to Graham O'Regan (Unlicensed) / Alex Dobre (Unlicensed) as to what they are and update the below table to incorporate into the content.)
Summary of Cookies used on TIS:
Cookie name | Duration | Description | Purpose |
---|---|---|---|
Google analytics | |||
_ _utma | 2 years from set/update | Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing _ _utma cookies exists. The cookie is updated every time data is sent to Google Analytics. | Tracks how many times (if any) you have visited the Trainee Information System (TIS) website. |
_ _utmt | 10 minutes | Used to throttle request rate. | |
_ _utmb | 30 minutes after your visit, or after 30 minutes of inactivity | Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing _ _utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. | Tracks how long you have spent on the website. |
_ _utmc | End of browser session | Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the _ _utmb cookie to determine whether the user was in a new session/visit. | |
_ _utmd | 6 months after it was last set | Gives us information on how the site was reached (e.g. directly or a link, organic search or paid search) | |
_ _utmz | 6 months after it was last set | Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. | Identifies where you've come from e.g. from a search engine or from another website |
_ _utmv | 2 years from set/update | Used to store visitor-level custom variable data. This cookie is created when a developer uses the_setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. | |
Content experiments - cookie usage | |||
_ _utmx | 18 months | used to determine a user's inclusion in an experiement | |
_ _utmxx | 18 months | Used to determine the expiry of experiements a user has been included in | |
Optimize 360 - cookie usage | |||
_gaexp | Depends on the length of the experiment but typically 90 days. | Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. | |
Keycloak and application cookies | |||
AUTH_SESSION_ID | session | Used for sticky connections to an individual node in the Keycloak cluster | https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/clustering/sticky-sessions.adoc |
KEYCLOAK_IDENTITY | session | JWT representing the user identity. | |
KEYCLOAK_SESSION | 12hr | Keycloak's session token | |
KC_RESTART | session | JWT containing the redirect information to determin where a user should be returned to after logging in. | |
mod_auth_openidc | |||
mod_auth_openidc_state_ | session | Representation of the state of the current login | The "state" cookie is created when the user is redirected away to the OpenID Connect Provider for authentication. It is a cookie with unique name (prefixed with a constant mod_auth_openidc_state_ ) that is tied to the state parameter that is sent in the authentication request. It is deleted when the user returns to the Apache server with an authentication response (indicating either success or failure) |
mod_auth_openidc_session | session | mod_auth_openidc's session token | The "session" cookie is created after the user returns from the OpenID Connect provider with a successful authentication response (note that the state cookie is deleted at the same time) |
TIS application <<Requires dev input>> | |||
dashBoardState | session | User's current dashboard state for revalidation | Stores the user's preferences such as which colums to see, which sorting, filters and page are active |
defaultLocale | 1 month | User's current locale | |
session | session | Unique session identifier | The keycloak session token |
user | session | Cached user representation |
Add Comment