“A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device.” – Text taken from ICO document ‘Guidance on the rules on use cookies and similar technologies’, dated 13 December 2011.

Broadly speaking, cookies are either ‘session-based’ or ‘persistent’.  The former is deleted when you close your browser.  The latter is more likely to collect a greater amount of personal information, such as browsing behaviour if so-configured, and is deleted manually or on its expiration date.

The MSL system, as provided to you, includes two cookies:

ASP.NET_SessionID Stores a temporary unique identifier for your session – no other information is stored. This cookie is removed when you close your browser. Expires on exit of browser
ASPXAUTH When you are logged in, this cookie stores a value which identifies you to your site. This value is encrypted and can only be read by the server. If you use the Remember Me function this cookie remains on your computer for 3 months, otherwise it is removed when you log out of the site. Expires on exit of browser or 3 months (optional)

The session cookie and aspxauth are strictly necessary for the functioning of the logged in site. We do not offer a way of disabling these, and the user should not disable these if they want a logged-in browsing experience.

If you are making use of Google Analytics (the majority of MSL clients are) your site will also drop the following cookies:

_utma Used by Google Analytics to capture and determine unique visitors and the frequency of views. __utma is written to the browser on your first visit to a site (from the browser being used). 2 year expiry
_utmb Used by Google Analytics to establish and continue your session on the site. Each time you visit a page it is updated to expire in 30 minutes. It expires if you spend more than 30 minutes on a single page. 30 minute expiry
_utmc Previously used by Google Analytics javascript to define a session status. 6 month expiry
_utmz Used by Google Analytics to store the type of referral used to reach the site; e.g. direct, link, web search, etc. Expires on exit of browser

In the case of non-essential cookies obtain your users' consent to store the cookies on their device (Previously, you just needed to give people an option to opt-out of having cookies stored.) We also recommend you also list the cookies on your site's terms & conditions page with appropriate descriptions and expiry information as above.

Non-essential cookies you may have on your site would include Google Analytics tracking cookies, social media plugins, remember me options, and 'do not show again' popup preferences.

The ICO provides detailed guidance in this area, including tips for conducting a cookies audit so why not take some time right now to check that your site is up to scratch:


How to remove cookies from your browser

Every browser is different, and the information provided in the following links may not work for older versions of the browser you are using, but you will be able to find out how by searching the internet for "how to remove cookies from [your broswer name] [your browser version]"