Common Helsinki cookies

Draft

Using common Helsinki cookies brings the benefit of consistent content across services that use the same components.

Key principles of using common cookies

  • You can use common Helsinki cookies if your service is using a *.hel.fi domain.
  • When common cookies are available, use them instead of creating custom cookies.
  • When a common cookie is used, it must be used exactly as described on this page. If you modify the cookie in any way, it is no longer a common cookie.
  • If your service is using custom cookies alongside common cookies, you still need to ask for consent for the custom cookies (if they are considered optional).
  • You can use either all or only some of the common cookies.
  • Note that some services (e.g., Matomo) may require multiple common cookies to work.

Common cookies between *.hel.fi sites

The following is a list of approved common cookies for common services like Matomo or Tunnistamo. You can find this list as a JSON object in the Helsinki Design System GitHub repository.

Statistics

Table 1: The information collected by statistics cookies is used to develop the website.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| _pk_id.* | *.hel.fi | Matomo. Tracking what the user does in the user interface | 393 days |
| _pk_ses* | *.hel.fi | Matomo. Tracking what the user does in the user interface | 30 minutes |
| mtm_.* | *.hel.fi | Matomo. Consent for using analytics cookies | 400 days |
| cookiehub | cookiehub.com | Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site | 365 days |

Table 2: Cookies related to basic functionalities cannot be rejected. They enable the proper functioning of the website and affect the usability.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| SSESS* | hel.fi | A cookie related to the operation of the content management system | 23 days |

Login

Table 3: Common Tunnistamo and Keycloak cookies between *.hel.fi domain services

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| sso-sessionid | api.hel.fi | Persist the authentication session | Session |
| tunnistamo_prod-sessionid | api.hel.fi | Persist the authentication session | Session |
| profiili-prod-csrftoken | api.hel.fi | A security control | 365 days |
| AUTH_SESSION_ID | tunnistus.hel.fi | Persist the authentication session | Session |
| AUTH_SESSION_ID_LEGACY | tunnistus.hel.fi | Persist the authentication session | Session |
| KC_* | tunnistus.hel.fi | Persist the authentication session | Session |
| JSESSIONID | suomi.fi | Persist the authentication session | Session |
| E-Identification-LogTag | suomi.fi | Persist the authentication session | Session |
| _opensaml_req_cookie* | suomi.fi | Persist the authentication session | Session |
| _shibstate_* | suomi.fi | Persist the authentication session | Session |
| _shibsession_* | suomi.fi | Persist the authentication session | Session |
| shib_idp_session | suomi.fi | Persist the authentication session | Session |

HDS Login component

Table 4: Common user data stored by the login component

| Session storage key | Data set by | Purpose of use | Period of validity |
|---|---|---|---|
| oidc.user:* | Current domain | Store authentication data | Session |
| hds_login_api_token_storage_key | Current domain | Store API tokens of an authenticated user | Session |
| hds_login_api_token_user_reference | Current domain | Identify the user whose API tokens are stored | Session |

Load balancing

Table 5: Load-balancing cookies ensure that the service loads and works quickly and efficiently.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| A random 32-character long string | api.hel.fi, tunnistus.hel.fi | Technical routing of requests | Session |

Information security

Table 6: Security cookies enable secure data transfer between the user and the service.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| tunnistamo_prod-csrftoken | api.hel.fi | A security control | 365 days |

Language settings

Table 7: Language cookies store the user's language selection so that the preferred language is remembered.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| KEYCLOAK_LOCALE | tunnistus.hel.fi | Persist the user's chosen language | Session |
| E-Identification-Lang | suomi.fi | Persist the user's chosen language | Session |

Table 8: Cookie consents.

| Cookie name | Cookie set by | Purpose of use | Period of validity |
|---|---|---|---|
| city-of-helsinki-cookie-consents | <subdomain>.hel.fi | Used by hel.fi to store information about whether visitors have given or declined the use of cookie categories used on the hel.fi site. | 1 year |
| city-of-helsinki-consent-version | <subdomain>.hel.fi | Used by hel.fi to store information about what version of the cookie consent the user has agreed to. | 1 year |