Draft
Using similar descriptions for commonly known Helsinki cookies brings the benefit of consistent content across services that use the same components.
You can use commonly known Helsinki cookies if your service is using a *.hel.fi domain.
All services have their own cookie settings and individual cookies but the descriptions of similar cookies should be the same across the services.
When known cookies are available, use them instead of creating custom cookies. This way they are at least consistent even they are handled on service level.
If your service is using cookies, you need to ask for consent for the cookies (if they are considered optional).
All cookies need to be explained properly (also the required ones).
You can either use all or a part of the commonly cookies.
Note that some of the services (e.g., Matomo) may require multiple cookies for it to work.
The following is a list of approved commonly known cookies for common services like Matomo or Tunnistamo. You can find this list as a JSON object in the Helsinki Design System GitHub repository .
Table 1 : The information collected by statistics cookies is used to develop the website._pk_id.*
*.hel.fi Matomo. Tracking what the user does in the user interface 393 days _pk_ses*
*.hel.fi Matomo. Tracking what the user does in the user interface 30 minutes mtm_.*
*.hel.fi Matomo. Consent for using analytics cookies 400 days cookiehub
cookiehub.com Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site 365 days
Table 2 : Cookies related to basic functionalities cannot be rejected. They enable the proper functioning of the website and affect the usability.SSESS*
hel.fi A cookie related to the operation of the content management system 23 days
Table 3 : Common Tunnistamo and Keycloak cookies between *.hel.fi domain servicessso-sessionid
api.hel.fi Persist the authentication session Session tunnistamo_prod-sessionid
api.hel.fi Persist the authentication session Session profiili-prod-csrftoken
api.hel.fi A security control 365 days AUTH_SESSION_ID
tunnistus.hel.fi Persist the authentication session Session AUTH_SESSION_ID_LEGACY
tunnistus.hel.fi Persist the authentication session Session KC_*
tunnistus.hel.fi Persist the authentication session Session JSESSIONID
suomi.fi Persist the authentication session Session E-Identification-LogTag
suomi.fi Persist the authentication session Session _opensaml_req_cookie*
suomi.fi Persist the authentication session Session _shibstate_*
suomi.fi Persist the authentication session Session _shibsession_*
suomi.fi Persist the authentication session Session shib_idp_session
suomi.fi Persist the authentication session Session
Table 4 : Common user data stored by the login componentoidc.user:*
Current domain Store authentication data Session hds_login_api_token_storage_key
Current domain Store api tokens of an authenticated user Session hds_login_api_token_user_reference
Current domain Identify the user whose api tokens are stored Session
Table 5 : Load-balancing cookies ensure that the service loads and works quickly and efficiently.A random 32-character long string
api.hel.fi, tunnistus.hel.fi Technical routing of requests Session
Table 6 : Security cookies enable secure data transfer between the user and the service.tunnistamo_prod-csrftoken
api.hel.fi A security control 365 days
Table 7 : Language cookies store the language selections by the user to remember the preferred language.KEYCLOAK_LOCALE
tunnistus.hel.fi Persist the user's chosen language Session E-Identification-Lang
suomi.fi Persist the user's chosen language Session
Table 8 : Cookie consents.city-of-helsinki-cookie-consents
<subdomain>.hel.fi Used by hel.fi to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site. 1 year city-of-helsinki-consent-version
<subdomain>.hel.fi Used by hel.fi to store information about what version of the cookie consent the user has agreed to. 1 year