Cookies are small text files placed on your device to collect various data about your browsing activities. They are processed by your web browser and stored in a special folder. Certain cookies may be encrypted in order to protect sensitive information. In and of themselves, cookies are harmless and perform important functions for websites. Most web browsers automatically accept cookies but provide controls that allow you to block or delete them.

Standard uses for browser cookies

In general, cookies can serve many purposes, such as user authentication, storing preferences, helping to navigate websites, implementing shopping carts, interest-based advertising, collecting usage and performance data, as well as detecting fraud and abuse. However, Visiometa only uses cookies that are strictly necessary to maintain the functionality and security of this website, in particular to sign in registered users and to prevent cross-site request forgery (CSRF) attacks.

Strictly necessary cookies

The following cookies are necessary for this website to function and cannot be switched off. They are only set in response to actions that are requests for services, such as signing in or submitting a form. You can set your browser to block these cookies, but some parts of the site will not work without them. These cookies do not store any personally identifiable information.

Request Token

A very common vulnerability in the context of web services is the so-called Cross Site Request Forgery (CSRF). Essentially, it allows attackers to execute malicious requests on behalf of their victim. For example, an attacker could cause a signed-in user to submit an online form with false data, which is then stored and attributed to that user. Our website mitigates these attacks by using the Double Submit Cookie technique. In this technique, we send a random value in both a cookie and as a request parameter, with the server verifying if the cookie value and request value match. CSRF protection is only useful for authenticated users who want to submit information to the web server. Therefore, if you are a non-registered user or if you are not signed in to the website, the cookie will not be set in your browser unless you submit the contact form.

Name csrf_https-contao_csrf_token
Duration session
Provenance first-party
Purpose strictly necessary for security
Data an encrypted pseudorandom value
Expiry at the end of the browser session

Session Token

The implementation of this website uses the PHP programming language to create dynamic content. To preserve certain data across subsequent accesses, the PHP runtime assigns each visitor a unique identifier called a session ID. This is either stored in a cookie on your computer or propagated in the URL. Session tokens are necessary because websites are typically served using stateless protocols such as HTTP and HTTPS. We use them to identify users who are signed in to our website. They contain no personal data and expire at the end of the browser session.

Duration session
Provenance first-party
Purpose strictly necessary for authentication
Data the randomized session identifier
Expiry at the end of the browser session