Using similar descriptions for commonly known Helsinki cookies brings the benefit of consistent content across services that use the same components.
Key principles of using commonly known cookies
You can use commonly known Helsinki cookies if your service is using a *.hel.fi domain.
All services have their own cookie settings and individual cookies but the descriptions of similar cookies should be the same across the services.
When known cookies are available, use them instead of creating custom cookies. This way they are at least consistent even they are handled on service level.
If your service is using cookies, you need to ask for consent for the cookies (if they are considered optional).
All cookies need to be explained properly (also the required ones).
You can either use all or a part of the commonly cookies.
Note that some of the services (e.g., Matomo) may require multiple cookies for it to work.
Commonly known cookies for *.hel.fi sites
The following is a list of approved commonly known cookies for common services like Matomo or Tunnistamo. You can find this list as a JSON object in the Helsinki Design System GitHub repository.
Statistics
Table 1: The information collected by statistics cookies is used to develop the website.
Cookie name
Cookie set by
Purpose of use
Period of validity
_pk_id.*
*.hel.fi
Matomo. Tracking what the user does in the user interface
393 days
_pk_ses*
*.hel.fi
Matomo. Tracking what the user does in the user interface
30 minutes
mtm_.*
*.hel.fi
Matomo. Consent for using analytics cookies
400 days
cookiehub
cookiehub.com
Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site
365 days
Cookies related to basic functionalities
Table 2: Cookies related to basic functionalities cannot be rejected. They enable the proper functioning of the website and affect the usability.
Cookie name
Cookie set by
Purpose of use
Period of validity
SSESS*
hel.fi
A cookie related to the operation of the content management system
23 days
Login
Table 3: Common Tunnistamo and Keycloak cookies between *.hel.fi domain services
Cookie name
Cookie set by
Purpose of use
Period of validity
sso-sessionid
api.hel.fi
Persist the authentication session
Session
tunnistamo_prod-sessionid
api.hel.fi
Persist the authentication session
Session
profiili-prod-csrftoken
api.hel.fi
A security control
365 days
AUTH_SESSION_ID
tunnistus.hel.fi
Persist the authentication session
Session
AUTH_SESSION_ID_LEGACY
tunnistus.hel.fi
Persist the authentication session
Session
KC_*
tunnistus.hel.fi
Persist the authentication session
Session
JSESSIONID
suomi.fi
Persist the authentication session
Session
E-Identification-LogTag
suomi.fi
Persist the authentication session
Session
_opensaml_req_cookie*
suomi.fi
Persist the authentication session
Session
_shibstate_*
suomi.fi
Persist the authentication session
Session
_shibsession_*
suomi.fi
Persist the authentication session
Session
shib_idp_session
suomi.fi
Persist the authentication session
Session
HDS Login component
Table 4: Common user data stored by the login component
Session storage key
Data set by
Purpose of use
Period of validity
oidc.user:*
Current domain
Store authentication data
Session
hds_login_api_token_storage_key
Current domain
Store api tokens of an authenticated user
Session
hds_login_api_token_user_reference
Current domain
Identify the user whose api tokens are stored
Session
Load balancing
Table 5: Load-balancing cookies ensure that the service loads and works quickly and efficiently.
Cookie name
Cookie set by
Purpose of use
Period of validity
A random 32-character long string
api.hel.fi, tunnistus.hel.fi
Technical routing of requests
Session
Information security
Table 6: Security cookies enable secure data transfer between the user and the service.
Cookie name
Cookie set by
Purpose of use
Period of validity
tunnistamo_prod-csrftoken
api.hel.fi
A security control
365 days
Language settings
Table 7: Language cookies store the language selections by the user to remember the preferred language.
Cookie name
Cookie set by
Purpose of use
Period of validity
KEYCLOAK_LOCALE
tunnistus.hel.fi
Persist the user's chosen language
Session
E-Identification-Lang
suomi.fi
Persist the user's chosen language
Session
Cookie consent
Table 8: Cookie consents.
Cookie name
Cookie set by
Purpose of use
Period of validity
city-of-helsinki-cookie-consents
<subdomain>.hel.fi
Used by hel.fi to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site.
1 year
city-of-helsinki-consent-version
<subdomain>.hel.fi
Used by hel.fi to store information about what version of the cookie consent the user has agreed to.
