Browser-Based Local Data Storage

Commerce Cloud uses browser cookies and session storage objects to store and track information. This information can exist on machines with browsers running Commerce Cloud merchant applications, or with browsers accessing websites that run on Commerce Cloud.

The following terms appear in this document:
  • User: A person who uses Commerce Cloud merchant applications such as Business Manager.
  • Shopper: A person who visits a website that runs on Commerce Cloud.

When processing privacy requests from shoppers for account deletion or the Right to be Forgotten, merchants can inform or remind the shopper about the cookies set on Commerce Cloud websites. Although these data objects are no longer used after their lifespans expire, they might persist on a shopper’s browser. Depending on the scope of a shopper's request, a merchant might remind them that they can and, in some cases, should delete all data objects from their own browsers if they wish to withdraw consent or completely delete all identifiable data from Commerce Cloud. Instructions for deleting these objects manually depends on the browser type. Instruct shoppers to refer to the documentation for their browser. Merchants should consult their own legal advisors when responding to privacy requests.

Note: You might want to implement functionality on your storefront that allows shoppers to easily delete their own Commerce Cloud cookies. For example, you could create a privacy information page with a button that deletes Commerce Cloud cookies from the shopper's browser.
Note: In the following tables, an asterisk in an object name represents a random string appended to the name. For example, the dwac_* cookie might appear on a user’s computer as "dwac_js894CJS92kD."

Shopper Applications

The following Commerce Cloud shopper-facing applications use cookies that can exist on a shopper's computer:

B2C Commerce Storefront

Used by B2C Commerce to operate a storefront.

Cookie Lifespan Description
dwanonymous_* 180 days Random ID used to identify an unregistered shopper or a shopper who has not yet logged in independent of the session. For example, this is used to track basket and order activity and for analytics. It is not used for any activity that occurs after the shopper registers an account. The * in the cookie name is a value unique to the site.
dwsid Current session Identifies the current browsing session.
sid Current session Identifies the current browsing session. The Salesforce Reference Architecture (SFRA) uses this to determine whether to display the cookie hint content asset. Only used by SFRA and by customizations.
dwsecuretoken_* Current session Used with dwsid to secure the session through HTTPS. The * in the cookie name is a value unique to the site.
dwcustomer_* 180 days Identifies a registered shopper. Used only when the shopper selects Remember Me. (This is an optional website feature.) The * in the cookie name is a value unique to the site.
dw_dnt* Current session Controls client-side JavaScript for Commerce Cloud tracking features (Analytics, Einstein, and ActiveData). Commerce Cloud sets it with each page response, based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the Einstein __cq_dnt cookie.
dwac_* Current session Stores the following data for analytics purposes: Session ID, report suite name, shopper’s customer ID, source code group ID (encoded), currency mnemonic, and time zone. The * in the cookie name is a value unique to the site.
dwpersonalization_* 180 days Tracks participation in A/B test groups for analytics purposes. If the shopper participated in a test, then the value is cleared when the shopper logs out. The * in the cookie name is a value unique to the site.
dwsourcecode_* Varies from 0-999 days Stores the source code for campaign and affiliate tracking. You set the lifespan of this cookie for each source code in Business Manager. The * in the cookie name is a value unique to the site.

Return to top

SiteGenesis

Used by SiteGenesis and available for use by sites based on SiteGenesis. Not used by SFRA.

Cookie Lifespan Description
dw_cookies_accepted Current session

When the merchant has enabled the cookie hint notice, it records that the shopper has acknowledged that cookies are being used.

For more information, see SiteGenesis Standards Compliance.

dw_TLSWarning 15 minutes when true; 30 minutes when false

Identifies whether the shopper's browser only supports outdated versions of TLS. Set to true if the browser fails the compatibility check or if the check cannot be completed.

For information on the compatibility check, see TLS Browser Detection.

dw Current session This cookie has been deprecated and is no longer used to collect data. It is in the process of being removed from the SiteGenesis codebase.

Return to top

Einstein

Used by Einstein for AI functionality.

The uuid (third-party) and __cq_uuid (first-party) cookies contain a randomly-generated user ID that exists on a shopper's browser and may be used during a visit to any Commerce Cloud website, regardless of the merchant. These cookies are only set or accessed during a site visit if the __cq_dnt cookie, which tracks consent, is not set. The merchant is responsible for obtaining and tracking consent.

Note: Once a value is set for these cookies, it remains until it expires or until the shopper deletes it from the browser. When a shopper visits a Commerce Cloud merchant site where the __cq_dnt cookie is set, these cookies are simply ignored. If a shopper requests that a merchant delete their data, then all data associating that shopper with the cookie value is removed from the merchant's Commerce Cloud instance. The cookies may remain on the shopper's browser, but can no longer be connected to that shopper by that merchant.

Data Object Lifespan Description
cqcid Current session Hashed ID for an unregistered shopper.
cquid Current session Hashed ID for a known shopper.
__cq_uuid 13 months First-party version of the third-party uuid cookie. Contains a randomly generated user ID. Used to collect information about the shopper's activities on the merchant's own website. This information is also used for analytics purposes, including by Commerce Cloud Reports and Dashboards.
__cqact Current session Holds the queue of browser activities until they are sent.
__cqviews Current session If sessionStorage is not available, contains the most recently viewed recommendations until they are sent.
__cqsviews Current session If sessionStorage is not available, contains the products in the most recent search results until they are sent.
__cqcviews Current session If sessionStorage is not available, contains the products in the most recently viewed category page until they are sent.
__cq_anchor Current session If sessionStorage is not available, contains the anchor products for recommendations on a page.
weird_get_top_level_domain Current session Detects the root domain on the page.
__cq_bc 30 days First-party version of the bc cookie. Contains activity history, such as the last 10 products viewed by the shopper.
__cq_seg 30 days Contains inferred shopping propensity attributes and other segment attributes used in predictive sort. (First-party version)
__cq_dnt Current session Indicates that the browser has opted out of CC Einstein tracking for this site. Commerce Cloud sets it with each page response based on the value of the corresponding session attribute TrackingAllowed. The value of this cookie always matches that of the Storefront dw_dnt* cookie.
cq Current session (Session storage object) Tests whether sessionStorage is available.
cq.anchor Current session (Session storage object) Contains anchor product IDs.
cq.viewReco Current session (Session storage object) Contains the most recently viewed recommendations.
cq.viewSearch Current session (Session storage object) Contains products from the most recent search results.
cq.viewCategory Current session (Session storage object) Contains products from the most recently viewed category page.
__cq_seg 30 days Contains inferred shopping propensity attributes. Third-party cookie set on .cquotient.com.
uuid 13 months Third-party version of the first-party __cq_uuid cookie set on .cquotient.com. Contains a randomly generated user ID. Used to track data for analytics purposes, including Commerce Cloud's own analytics as described in the Trust & Compliance documentation, such as Commerce Cloud Reports and Dashboards.
bc 30 days Contains activity history, such as the last 10 products viewed by the shopper. Third-party cookie set on .cquotient.com.

Return to top

Merchant Applications

The following Commerce Cloud merchant applications use cookies that can exist on a user's computer. No shopper data is involved.

Control Center

Cookie Lifespan Description
SESSION Current session Identifies the current browsing session.
XSRF-TOKEN Current session Used to validate requests. This protects against CSRF.

Return to top

Account Manager

Cookie Lifespan Description
JSESSIONID Current session Identifies the current browsing session.
dwAccountManager Current session Authenticated session ID.
i18next Current session i18n setting for Account Manager.
amlbcookie Current session OpenAM-specific load-balancing cookie for Account Manager (not used).
BIGipServeraapi_amr_ssl Current session F5 load-balancing cookie for Account Manager.

Return to top

Log Center

Cookie Lifespan Description
JSESSIONID Current session Identifies the current browsing session.

Return to top

Business Manager

Cookie Lifespan Description
dwbmsid Current session Identifies the current browsing session when the Separate Business Manager Session Cookie feature is active.
_pendo_accountid* Varies Processes data for Pendo analytics. Also used by Einstein and CC Reports and Dashboards.
_pendo_meta* Varies Processes data for Pendo analytics. Also used by Einstein and CC Reports and Dashboards.
_pendo_visitorid* Varies Processes data for Pendo analytics. Also used by Einstein and CC Reports and Dashboards.

Return to top

Order Management

Cookie Lifespan Description
.BF397AUTH Current session Store authentication token.
ASP.NET_SessionId 15 minutes when true; 30 minutes when false Authenticated session ID.
ISAWPLB{*} Current session (For POD08 users) Identifies the load-balancer session. The * is a GUID.
AWSELB Current session (For AWS users) Identifies the load-balancer session.
RETAILCENTER Permanent Identifies the store when a user selects the store in Retail Center. The value is specific to the computer.

Return to top

Commerce Cloud Reports and Dashboards

Cookie Lifespan Description
connect.sid 1 hour Identifies the current browsing session.
XSRF-TOKEN 1 year Used to validate requests. This protects against CSRF.
_pendo_accountid* Varies Processes data for Pendo analytics. Also used by Einstein and Business Manager.
_pendo_meta* Varies Processes data for Pendo analytics. Also used by Einstein and Business Manager.
_pendo_visitorid* Varies Processes data for Pendo analytics. Also used by Einstein and Business Manager.

Return to top