Identifying DNN Cookies and their Functions


A cookie is a small amount of text data provided to a web browser by a web server. The cookie is then stored on the visitor's hard drive and returned to the specific web server each time the browser requests a page from that server. DNN uses cookies to control authentication and data access for various features. You may need to know the functions of various cookies when troubleshooting login and security issues.



Cookies are used extensively by DNN. The most important cookie that DNN uses is the forms authentication cookie, which is generated when a user logs into the site. By default, it is a temporary (session) cookie. However, a user can change it to be a persistent cookie by checking the Remember Me option.

Cookies are also used for analytics in DNN; the application can track when users log in and which pages they open.


Data Privacy Note: DNN cookies do not contain Personally Identifiable Information (PII), nor does the corresponding session data stored on the server.


To see a list of available cookies in the Google Chrome browser, you can:

  1. Press F12 in your browser and open the Developer Tools
  2. In Click Application > Expand Cookies > Click the URL




Note to Agents: 
In case you find a cookie that is not listed in the table below, please check the cookies present in a local vanilla instance matching the customer's version. Should the cookie not be present, it is a third-party cookie and we should guide the customer to the Identifying if a DNN Module is a Third Party Module article.



Below is a list of DNN cookies to be aware of:


Used by sites that use .NET. It enables the site to track unique users who are not logged in.


Necessary for site functionality. It is created when a user logs in. It can be configured using Forms Authentication.


Issued by Azure and used mainly in Microservices.


Anti-forgery cookie issued by web applications that are built using the ASP.NET MVC technologies. It is designed to stop the unauthorized posting of content to a website (known as Cross-Site Request Forgery). It contains no information about the user and is deleted when the browser is closed.


Used for forms authentication. Created when a user logs in.


Used to determine whether the visitor is using a Mobile Device.


Stores the current portal language. In a monolingual portal, it contains the browser's default language.


Stores the TabID of the last visited page.


Determines the UI state across postbacks (i.e., it determines whether or not to reload the page with the Editing interface).


Used by the Content Personalization feature in Evoq Content. Since DNN 9, these are no longer used for Analytics. They are still created automatically in Evoq (but not DNN Platform) even if the Analytics Microservice is turned off.



Back to top



Please sign in to leave a comment.