Information About Cookies
When a user visits a published web application, a combination of cookies are used for storing authentication and session information.
The following cookies are used to store information about sessions, visits, and authentication. The information we observe about visitor behavior is stored on our servers, not in the cookie placed on the browser. The cookies we use are usually an anonymous unique identifier, which provides a means of determining whether a visitor has visited the application before but does not provide any means of identifying the visitor. None of the cookies contain personally identifiable information, although, in accordance with standard HTTP protocol, the visitor’s IP address is passed to our servers as part of the HTTP request. All cookies are secured with encryption and sent over HTTPS. The following table describes the cookies that are saved to the browser of visitors visiting a published application:
| Name | Description |
|---|---|
| JSESSIONID | The JSESSIONID cookie is a transient cookie used for session management. It only has a session identifier and does not contain any personal details. |
| OAMAuthnCookie |
The OAMAuthnCookie cookie is generated by Oracle Access Manager for all clients using an Oracle Cloud service. A valid OAMAuthnCookie is required for a session.
Removing the cookie will cause the user to be logged out. The user will need to re-authenticate the next time they request a protected resource. |
| X-AppBuilder-SessionId |
The X-AppBuilder-SessionId cookie is a persistent cookie that expires 24 hours after it is created and contains a unique user ID (UUID) and time stamp. This cookie is only used to store visitor behavior information across sessions for billing purposes. This cookie is used for published Classic applications. Removing the cookie might result in each new session being recorded as a new visit. |
| VBCS_METRICS_<app name>_<app version> |
The VBCS_METRICS cookie is a persistent cookie that expires at midnight on the day it is created and contains a time stamp. The purpose is to count unique visits, and to ensure that multiple visits by the same user between when the cookie is created and when it expires are counted as one unique visit. If the cookie is removed before it expires, a new cookie is created on the next visit and the visit will be counted as a new unique visit. This cookie is only used for internal metrics and is not used for billing purposes. This cookie is used for staged and published visual applications. |
| VBCS_HOURLY_METRICS_<tenant id> |
The VBCS_HOURLY_METRICS is a persistent cookie that expires at midnight on the day it is created. The purpose is to count unique visits per hour, and to ensure that multiple visits by the same user between when the cookie is created and when it expires are counted as one unique visit. If the cookie is removed before it expires, a new cookie is created on the next visit and the visit will be counted as a new unique visit. This cookie is only used for internal metrics and is not used for billing purposes. This cookie is used for staged and published visual applications. |