Web Storage and Cookies
Use of Local Storage
By default, the JavaScript SDK uses the localStorage web storage to store an automatically generated users identifier and timestamps. The purpose of this stored data is to ensure that our SDK is functioning correctly.
If your compliance requirements prohibit persistent storage, you can switch to sessionStorage, which is cleared when the browser window is closed. You can switch storage methods using the setClientStorageMethod method of our SDK.
The locally stored data consists of randomly generated strings, hashed data and timestamps. No personal information (name, email, …) is stored locally, neither in the session storage, nor the local storage.
Stored Data Fields
When the JavaScript SDK is loaded, the following data is stored in the Web Storage:
| refiner_bearer_token | A temporary token issued by our backend servers to ensure correct communication between the client and the server. |
| refiner_cookie_id | A dynamically generated random identifier that is generated for each user the first time our SDK is loaded. The identifier allows our backend servers to identify and recognise a website visitors. Recognizing website visitors across multiple session is required to keep track of which surveys a website user already responded to. The automatically generated identifier is utilized only when no other identifiers like User ID or Email is provided (anonymous mode). If you identify your users with an ID or email, the automatically generated identifier is disregarded. Please note: we are using the word “cookie” in the name only for legacy reasons. This is not actually a cookie. |
| refiner_debug_mode | A boolean flag to indicate whether or not the Debug Mode is currently activated. |
| refiner_first_seen | A timestamp indicating when we first saw this particular web browser. |
| refiner_identify_signature | A temporary hash token to prevent sending the same data too often to our backend server. This is a mechanism to reduce the amount of data exchanged between the client and our backend servers. |
| refiner_ping_on_next_page_visit | A boolean flag indicating that the SDK should connect to our servers on each page load. This is set to true when you are using the Page Visit trigger event for example. |
| refiner_ping_again_after | A timestamp indicating when our backend servers expect the SDK to reconnect and ask for new information. This is a mechanism to reduce the amount of data exchanged between the client and our backend servers. |
Cookie Fallback Behavior
If the browser supports localStorage or sessionStorage, the SDK does not create any cookies. The Web Storage API is widely supported by modern browsers, so under normal conditions, no cookies are set.
If Web Storage is unavailable (for example, if it is not supported or has been disabled), the SDK falls back to using browser cookies. This behavior is the default, but you can override it by explicitly setting the storage method to localStorage or sessionStorage.
When cookies are used, the following applies:
- The data stored in cookies is the same as described for Web Storage above
- Cookies have a 365-day expiration, which is refreshed on each visit
- Cookies are set with the
Secureflag, meaning they are only transmitted over HTTPS connections - Cookies are first-party and scoped to your domain; no other domain or service can access them