Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Cookies list that could be found in a Liferay Portal and their usage

Written By

Georgel Pop

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • What are all the cookies that could be found in a Liferay Portal, and what are they used for?
  • Is it possible to safely remove these cookies? If so, can it be done out of the box?

Environment

  • DXP 7.0 or higher

Resolution

Liferay Cookies:

  • LFR_SESSION_STATE_userid - Technical session cookie (expires once the session ends). It belongs to Liferay. It contains the timestamp when the user's session started.
  • JSESSIONID - Technical session cookie (expires once the session ends). It belongs to Liferay. It is used by sites written in JSP to maintain an anonymous user session by the server.
  • GUEST_LANGUAGE_ID - Functional personalization cookie (duration 1 year). It belongs to Liferay. It remembers the user's language preference.
  • COOKIE_SUPPORT - Technical cookie (duration 1 year). It belongs to Liferay. It is used to know if the user admits cookies.

Third party cookies:

  • _gcl_au - Advertising cookie, third party (duration 1 year). It is used by Google AdSense to experiment with the efficiency of advertising on different websites using its services.
  • _fbp - Advertising cookie, third party (duration 3 months). It is used by Facebook to deliver a series of advertising products, such as real-time bids from third-party advertisers.
  • _gid - Advertising cookie, third party (duration 1 day). It is associated with Google Universal Analytics. It is used to distinguish users and it stores and updates a unique value for each page visited to limit the number of requests to this service.
  • _ga - Behavioral Analytics Cookie, third party (duration 2 years). It is used to distinguish users and help Google Universal Analytics to limit the number of requests to this service.
  • _gat - Behavioral Analytics Cookie, third party (duration 1 minute). It is used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property- id>.

Note that all third parties cookies like _gcl_au (Google AdSense), _fbp (Facebook), _ga, _gid and _gat (Google Universal Analytics) are generated only if their related services get activated inside the portal.

What happens if these cookies are removed:

  • Removing these cookies out of the box is not possible as we don't have control over third party ones like _gcl_au, _fbp , _ga, _gid or the necessary ones to create a session successfully as  JSESSIONID and LFR_SESSION_STATE_20120.
  • If these cookies are removed by a custom development, then the user will lose the functionality each cookie provides. 

Additional Information

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?