| Cookie | Purpose | Type | Expires |
|---|---|---|---|
soc_session |
JSON Web Token (JWT) that authenticates your session. Without it, the server cannot verify who you are. | Strictly necessary; HttpOnly, Secure, SameSite=Strict | On logout, or after 8 hours of inactivity |
csrf_token |
Cross-Site Request Forgery protection. Paired with the X-CSRF-Token header on state-changing requests to confirm they originated from this site. |
Strictly necessary; Secure, SameSite=Strict | Same lifetime as the session cookie |
The application uses your browser's local storage to remember a small amount of non-sensitive UI state (e.g., your last viewed dashboard tab, sidebar collapse preference). No PHI is stored in local storage. You can clear it through your browser's developer tools at any time.
Because the cookies we set are strictly necessary, blocking them will prevent the Service from functioning — you will not be able to log in. If you choose to block them, you can do so through your browser settings.
Because we do not engage in cross-site tracking, the "Do Not Track" browser signal has no effect on the cookies we set (they are all strictly necessary for the service to function).
If we ever introduce non-essential cookies, this notice will be updated before such cookies are deployed, and a cookie-consent banner will be added to comply with applicable law.
Questions about cookies: privacy@applespecialtypharmacy.com