- use the domain “pch.net” so that other servers will not know of its existence and may not read it,
- are written to the browser over HTTPS to maintain their privacy while in transit,
- have the “secure” flag set so that the browser will also use HTTPS when returning the cookie to our server,
- hold only a unique alphanumeric string. We never put data into cookies..
Our site uses three cookies.
A session cookie is employed only if and while a user is in the process of signing up for a new user account. This cookie is expired by the user's browser when the browser window is closed. (Full name: PHPSESSID)
A login cookie allows a user who has created an account on our site and has logged in to identify themselves to us while they’re logged in. This cookie expires 24 hours after a logged-in user’s last activity. (Full name: PCHSession-www)
A nonce cookie protects users from Cross-Site Request Forgery (CSRF) attacks if and while they fill out forms on our site. The user receives a cookie containing only a unique alphanumeric string (the “nonce”), which their browser returns when they submit the form. Users receive nonce cookies only if they load a page which contains a form, and these cookies expire after five minutes. (Full name varies, but will be like: pch_nonce3f10636e6057f9c6f9a019)