Skip to main content
Documentation & User Guides | Fotoware

Managing cookies


By default, Fotoware SaaS uses only strictly necessary cookies. These cookies are necessary to comply with EU privacy regulations. Privacy regulations vary from region to region, and it is your responsibility to ensure you comply with the regulations in effect for your location.

Best practices

  • Inspect your Fotoware site regularly - which cookies is it using? 
  • Familiarize yourself with the regulations in your country or for your organization.
  • Consider professional legal advice for the text in the cookie warning bar and cookie policy.
  • If you are using third-party tools (Google Analytics, PIWIK, or similar) they might introduce unnecessary cookies for which you need to obtain permission. This is not part of the Fotoware cookie warning functionality.

As the necessary cookies apply to logged-in users only, they are mostly relevant for publicly accessible sites where visitors must log in. Website visitors who do not log in do not have to consent to using these cookies.


A device cookie is set on a browser IF AND ONLY IF the user has successfully authenticated themselves by logging in or completing a password reset. Device cookies enable additional IT security (improving account security while preventing denial-of-service attacks) and, therefore, fall under legitimate interest of GDPR.

The device cookie must contain the username so it can be used to identify the user. It is also stored with the username in the database in case of a failed login attempt.

The device cookie remains in the browser even after the user has logged out or if the user has not logged in after a password reset.

Another user sharing the same browser profile can see this cookie and know the username of the user who logged in last.

Necessary cookies

Name Purpose Lifetime
SessionToken Remember the session of a logged-in user. This only applies to users who are logged in. It does not apply to site visitors. 8 hours
FWPersistentLogin Remember the user for persistent login functionality. This only applies if the persistent login functionality is in use.  12 months
TrustedDeviceToken Stores information about the browser used by a user who recently logged in successfully with a username and password.  30 days

For information on configuring and enabling cookie warnings in Fotoware, see Configuring cookie warnings.

  • Was this article helpful?