Registration JavaScript API cookies

The Registration JavaScript API uses the cookies shown in the table below. Here's how to interpret that table:

  • HttpOnly. When true, the cookie is not accessible to client-side scripts (for example, scripts that use the JavaScript document.cookie API).

  • Secure. When true, the cookie can only be sent to the server using the HTTPS protocol.

  • SameSite. Specifies how cookies are sent with a cross-site request:

    • If set to Strict, a cookie can only be sent to its origin site. 

    • If set to Lax, a cookie is sent any time a user navigates to the cookie’s origin site. 

    • If set to None, cookies are sent on both origin and cross-site requests, but only if the Secure attributeis set to true.

  • Stores PII (personally identifiable information). If Yes, the cookie value contains information that can be employed to identify the user.

As noted, the table below lists the Registration JavaScript API cookies. In addition to these cookies, you might also be interested in the Social login JavaScript API cookies.


CookieDescriptionSample Value
janrainFailedLogins_sessionIf available, and if set to session, indicates that a valid session currently exists on the device.

Although we don’t recommend deleting it, this cookie is not required in order to log on.

HttpOnly: false
Secure: false
SameSite: None
Stores PII: No
janrainCaptureTokenRefresh_sessionEstablishes a Capture widget session. A value of session indicates that a session is currently active.

HttpOnly: false
Secure: false
SameSite: None
Stores PII: No
session