WSO2 Identity Server - Cookie Policy

About WSO2 Identity Server

WSO2 Identity Server (referred to as “WSO2 IS” within this policy) is an open source Identity Management and Entitlement Server that is based on open standards and specifications.

WSO2 IS uses cookies so that it can provide the best user experience for you and identify you for security purposes. If you disable cookies, some of the services will (most probably) be inaccessible to you.

How does WSO2 IS process cookies?

WSO2 IS stores and retrieves information on your browser using cookies. This information is used to provide a better experience. Some cookies serve the primary purposes of allowing a user to log in to the system, maintaining sessions, and keeping track of activities you do within the login session.

The primary purpose of some cookies used in WSO2 IS is to personally identify you, as this is the main function of the WSO2 Identity Server. However, the cookie lifetime ends once your session ends, i.e., after you log out or after the session expiry time has elapsed.

Some cookies are simply used to give you a more personalised web experience, and these cookies cannot be used to personally identify you or your activities.

This cookie policy is part of the WSO2 IS Privacy Policy.

A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term “cookies” to discuss all of these technologies.

What does WSO2 IS use cookies for?

Cookies are used for two purposes in WSO2 IS.

  1. To identify you and provide security (as this is the main function of WSO2 IS).
  2. To provide a satisfying user experience.

WSO2 IS uses cookies for the purposes listed below.


WSO2 IS uses these cookies to remember your settings and preferences, and to auto-fill the form fields to make your interactions with the site easier.

These cookies cannot be used to personally identify you.


  • WSO2 IS uses selected cookies to identify and prevent security risks. For example, WSO2 IS may use these cookies to store your session information in order to prevent others from changing your password without your username and password.

  • WSO2 IS uses session cookies to maintain your active session.

  • WSO2 IS may use temporary cookies when performing multi-factor authentication and federated authentication.

  • WSO2 IS may use permanent cookies to detect that you have previously used the same device to log in. This is to calculate the “risk level” associated with your current login attempt. This is primarily to protect you and your account from possible attack.


WSO2 IS may use cookies to allow “Remember Me” functionalities.


WSO2 IS as a product does not use cookies for analytical purposes.

Third party cookies

Using WSO2 IS may cause some third-party cookies to be set in your browser. WSO2 IS has no control over how any of them operate. The third-party cookies that may be set include:

    • Any social login sites. For example, third-party cookies may be set when WSO2 IS is configured to use “social” or “federated” login, and you opt to log in with your “Social Account”.
    • Any third-party federated login.

WSO2 strongly advises you to refer to the respective cookie policies of such sites carefully, as WSO2 has no knowledge of, or use for, these cookies.

What type of cookies does WSO2 IS use?

WSO2 IS uses persistent cookies and session cookies. A persistent cookie helps WSO2 IS to recognize you as an existing user so that it is easier to return to WSO2 or interact with WSO2 IS without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by WSO2 IS when you return to WSO2 IS.

A session cookie is a cookie that is erased when the user closes the web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user's computer.

How do I control my cookies?

Most browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience since it will no longer be personalized to you. It may also stop you from saving customized settings like login information.

Most likely, disabling cookies will make you unable to use authentication and authorization functionalities offered by WSO2 IS.

If you have any questions or concerns regarding the use of cookies, please contact the entity or individuals (or their data protection officer, if applicable) of the organization running this WSO2 IS instance.

What are the cookies used?

Cookie Name




To keep your session data in order to give you a good user experience.



To keep some messages that are shown to you in order to give you a good user experience.

The “nnnnnnnnnn” reference in this cookie represents a random number e.g., MSG324935932.



The URI you are accessing.



To keep your active page in session in order to give you a good user experience.



This cookie policy is for illustrative purposes only for the product WSO2 IS. The content in the policy is technically correct at the time of the product shipment. The organization which runs this WSO2 IS instance has full authority and responsibility with regard to the effective Cookie Policy.

WSO2, its employees, partners, and affiliates do not have access to and do not require, store, process or control any of the data, including personal data, contained in WSO2 IS. All data, including personal data, is controlled and processed by the entity or individual running WSO2 IS. WSO2, its employees, partners, and affiliates are not a data processor or a data controller within the meaning of any data privacy regulations. WSO2 does not provide any warranties or undertake any responsibility or liability in connection with the lawfulness or the manner and purposes for which WSO2 IS is used by such entities or persons.