Skip to content

Cookies used by Lime Forms

Lime Forms uses two cookies by default simpliform_session and xsrf-token. There are some integration specific cookies that might be used depending on if the integration is enabled and in use in specific form.

Lime Forms standard cookies

simpliform_session

simpliform_session contains a session ID

simpliform_session

The session cookie in Laravel is used to store the session identifier (session ID) of a user.

  • When a user interacts with a Laravel application, the server creates a unique session ID to track the user's data and state across multiple requests.
  • This session ID is stored in the session cookie and sent to the client.
  • On subsequent requests, the client sends this cookie back to the server, allowing Laravel to retrieve the session data associated with that ID.

xsrf-token

xsrf-token Contains a cross-site request forgery token

xsrf-token

The xsrf-token often referred to as csrf-token (Cross-site Request Forgery token) cookie is used to protect against CSRF attacks.

  • Laravel automatically generates a CSRF token for each active user session and includes this token in a cookie.
  • When a form is submitted, this token must be included in the request.
  • The server then checks the token to ensure that the request is coming from a trusted source (the user's own browser) and not from a malicious site.
  • This helps prevent unauthorized actions from being performed on behalf of authenticated users.

Google reCAPTCHA integration cookies

If the domain used for validating with reCAPTCHA is recaptcha.net only _GRECAPTCHA will be included.

_GRECAPTCHA

_GRECAPTCHA Used for analysis

_GRECAPTCHA

reCAPTCHA sets this cookie for the purpose of providing its risk analysis.

If you prefer to not use the www.google.com domain which may have other cookies set, you can use www.recaptcha.net instead.

google.com domain cookies

If the domain used for validating with reCAPTCHA is google.com the cookies listed below will be included aswell as _GRECAPTCHA.

AEC Google security cookie

AEC

AEC cookie is defined by Google as being used to detect abuse, fraud, spam. The AEC cookie is valid for six months.

See more

NID & __Secure-ENID Functionality cookies

NID & __Secure-ENID

The NID and __Secure-ENID cookie is used by Google to to remember your preferences and other information. Such as preferred language, search result per page..

See more

SOCS user state cookie

SOCS

The SOCS cookie store a users state in regards to their cookie choices

See more