Application Cookies
The PoliData application uses strictly necessary first-party cookies for authentication, session continuity, CSRF protection, redirects, and user preferences. These cookies are required to provide the service.
Cookie Inventory
| Name | Purpose | Duration |
|---|---|---|
| access_token | Backend API authentication | 15 minutes by default |
| refresh_token | Session refresh | 14 days by default |
| pa_access_token | Platform-admin authentication | 15 minutes by default |
| pa_refresh_token | Platform-admin session refresh | 7 days by default |
| authjs.user-session | Frontend workspace session | 30 days by default |
| authjs.user-csrf | CSRF protection | Session |
| authjs.user-callback-url | Post-login redirect | Session |
| authjs.admin-session, authjs.admin-csrf, authjs.admin-callback-url | Platform-admin session, CSRF, and redirect state | Session to 30 days |
| polidata-default-jurisdiction | Workspace jurisdiction preference | 1 year |
Marketing Analytics
The application does not need analytics cookies to function. The marketing site may use Google Analytics or Ads cookies only where that site presents a consent choice and consent has been granted.