Cookies

Nextcloud only stores cookies needed for Nextcloud to work properly. All cookies comes from your Nextcloud server directly, no 3rd-party cookies will be sent to your system. Regarding GDPR, only data which contain personal data are relevant.

Cookies stored by Nextcloud

Cookie

Data Stored

Lifetime

Session cookie

  • session ID

  • secret token (used to decrypt the session on the server)

24 minutes

Same-site cookies

no user-related data are stored, all same-site cookies are the same for all users on all Nextcloud instances

forever

Remember-me cookie

  • user id

  • original session id

  • remember token

15 days (can be configured)

The same-site cookies are used to determine how a request reaches the Nextcloud server. We use them to prevent CSRF attacks. No identifiable information is stored in those. The rest of the cookies are strictly used to identify the user to the system.