Cookies & Cookie Consent

Reference of the cookies a Farfalla tenant stores in a visitor's browser, who owns each, and what category it falls into for GDPR disclosures. Use this doc when a publisher's privacy team asks what to declare or when auditing a privacy notice against actual platform behavior.

Cookies set by the platform

Cookie	Description	Owner	Category
tenant_{tenant_slug}	Per-tenant Laravel session identifier.	First-party	Strictly necessary
remember_web_{random_string}	"Remember me" persistent login cookie.	First-party	Strictly necessary
XSRF-TOKEN	CSRF protection token for form and AJAX submissions.	First-party	Strictly necessary
cookieconsent_status	Stores the visitor's choice from the cookie consent banner.	First-party	Strictly necessary
_ga, _gid, _gat	Google Analytics traffic measurement.	Third-party	Tracking
mp_{random_string}	Mixpanel product analytics.	Third-party	Tracking

cookieconsent_status ownership

Although the cookie name comes from the cookieconsent npm library, the cookie is written by the platform's own JavaScript bundle when a visitor interacts with the consent banner. It is first-party (set on the tenant's own domain), not a third-party tracker.

Deprecated cookie

Older revisions of this page listed __cfduid (Cloudflare). Cloudflare retired __cfduid in May 2021 and the platform no longer sets it. If a privacy notice still mentions it, remove the entry; new audits should not declare it.

References

• Free Privacy Policy: cookie consent
• Privacy Policies: cookie consent
• Privacy Policies: GDPR consent examples
• Cookiebot: GDPR cookies
• Twitter cookies policy
• Iubenda: cookie consent example