List of Default Cookies and their purpose for Concrete CMS

Hi, I was asked by the client what kind of Cookie Concrete CMS uses.

It is usually required to list what kind of cookie Concrete CMS uses for privacy policy in EU and some countries.

Is the following assumption correct?

Also I realized that some cookie is issued upon login screen.
I need to know the purpose of the following cookies.

Site cookie

Name Purpose Domain Expiration
CONCRETE(5) Session cookie [site domain] 2 hours
CONCRETE(5)_LOGIN Login flag [site domain] 2 weeks
ccmAuthUserHash Cookie login key when you click the option of 2 weeks login [site domain] 2 weeks

Concrete CMS cookie

Name Purpose Domain Expiration
ccm_cdd ??? 228 days and 5 hours
_ga_* Google Analytics 410 days
_gcl_au Google AdSense to track conversion for ConcreteCMS 44 days
_gid Google Analytics to track page views for ConcreteCMS 1 day
_lfa To store and track audience lead for ConcreteCMS using Leadfeeder service 365 days
  • What is the purpose of ccm_cdd Cookie?
  • I assumed these cookies are embedded if we are using login background.
    • Login page (8.5 and earlier)
    • Welcome screen background
  • What should I do when we want to remove these cookie?
  • What information does _lfa collects?

Once PortlandLabs, confirmed, I can submit documentation.


Hi Katz,

Let me look into this one for you.

1 Like

Correction… I originally wrote _fla but it was _lfa. Corrected my original

Hi @katz515 - these are cookies that are set at for marketing purposes. If you have been to the site, those will show up on the welcome page because of the “background of the day” picture request - if you don’t want those cookies to show up in the list, you could disable background image of the day and that would likely do the trick.