Cookies

Cookies used by Etherpad.

Name	Sample value	Domain	Path	Expires/max-age	Http-only	Secure	Usage description
express_sid	s%3A7yCNjRmTW8ylGQ53I2IhOwYF9...	example.org	/	Session	true	true	Session ID of the Express web framework. When Etherpad is behind a reverse proxy, and an administrator wants to use session stickiness, he may use this cookie. If you are behind a reverse proxy, please remember to set `trustProxy: true` in `settings.json`. Set in webaccess.js#L131.
language	en	example.org	/	Session	false	true	The language of the UI (e.g.: `en-GB`, `it`). Set in pad_editor.js#L111.
prefs / prefsHttp	%7B%22epThemesExtTheme%22...	example.org	/p	year 3000	false	true	Client-side preferences (e.g.: font family, chat always visible, show authorship colors, ...). Set in pad_cookie.js#L49. `prefs` is used if Etherpad is accessed over HTTPS, `prefsHttp` if accessed over HTTP. For more info see https://github.com/ether/etherpad-lite/issues/3179.
token	t.tFzkihhhBf4xKEpCK3PU	example.org	/	60 days	false	true	A random token representing the author, of the form `t.randomstring_of_lenght_20`. The random string is generated by the client, at (pad.js#L55-L66). This cookie is always set by the client (at pad.js#L153-L158) without any solicitation from the server. It is used for all the pads accessed via the web UI (not used for the HTTP API). On the server side, its value is accessed at SecurityManager.js#L33.

Etherpad HTTP API clients may make use (if they choose so) to send another cookie:

Name	Sample value	Domain	Usage description
sessionID	s.1c70968b333b25476a2c7bdd0e0bed17	example.org	Sessions can be created between a group and an author. This allows an author to access more than one group. The sessionID will be set as a cookie to the client and is valid until a certain date. The session cookie can also contain multiple comma-separated sessionIDs, allowing a user to edit pads in different groups at the same time. More info - https://github.com/ether/etherpad-lite/blob/develop/doc/api/http_api.md#session