Cookies used by Simpplr
Updated 4 days ago
/ /
Why Simpplr uses Cookies
Simpplr uses cookies to help you sign in securely, keep your data safe, improve app performance, and understand usage through analytics. On this page, you’ll find details about the cookies we use, why we use them, how long they stay, and whether they come from Simpplr or a trusted third party.
Cookie categories
Cookies used in Simpplr fall into the following categories:
Strictly necessary cookies – Required for core functionality such as login, authentication, and security.
Preferences Cookies – Store user settings such as language or display options.
Statistics Cookies – Collect analytics on usage patterns to improve the platform.
Analytics/performance cookies (via RudderStack) – Tracks page activity, user identity, session details, search behavior, and browser/device context.
Each cookie can be either:
Persistent – Remains stored until expiry or manual deletion.
Session – Deleted when the browser session ends.
Cookies may also be:
First-party – Set directly by Simpplr.
Third-party – Set by partner services integrated into Simpplr.
Simpplr application cookies
Cookie name | Purpose | Duration | Provenance | Usage | Notes |
|---|---|---|---|---|---|
token | Strictly Necessary (Authentication) | Persistent (can be set to Session) | First party | Authentication | Can be made session-based via Security > Session Settings |
ftoken | Strictly Necessary (Authentication) | Persistent (default | First party | Authentication | Can be session-based, see Security settings |
csrfid | Strictly Necessary (Security) | Persistent (default | First party | Protects against CSRF attacks | If session cookies are set to non-persistent, this follows |
Yellow.ai virtual assistant cookies
Cookie name | Purpose | Duration | Provenance | Domain | Usage | Notes |
|---|---|---|---|---|---|---|
ym_xid | Strictly Necessary (Virtual Assistant sessions) | 8 hrs (agent role) / 24 hrs (mobile app) | Third party |
| Tracks login sessions | Mandatory; platform does not function without it |
_hjSession, _hjSessionUser, ph_phc*, _cfuvid, G_ENABLED_IDPS | Statistics & Tracking | Session/Persistent (varies) | Third party |
| Analytics, personalization | Set by Yellow.ai partner integration |
Note: Yellow.ai does not provide end-user cookie choice only if the integration is enabled for the tenant . Documentation is limited as these are internal to Yellow.ai.
Analytics cookies
Cookie name | Purpose | Duration | Provenance | Domain | Usage | Notes |
|---|---|---|---|---|---|---|
rl_anonymous_id, rl_page_init_referrer, rl_session, rl_user_id, rl_trait | Statistics | Persistent | First party |
| App analytics | Set by RudderStack integration |
_cf_bm | Bot management | Persistent | Third party |
| Cloudflare bot management | Not related to analytics |
Other integrations
Google analytics 4 (GA4) – Cookies set only if enabled by the customer. See GA4 Help.
Aisera – Cookies set only if enabled by the customer.
Key Notes
Cookie persistence can be controlled via Security > Session Settings in Simpplr. This option is availble behind a feature flag. Connect with support to enable it.
Third-party integrations (e.g., Yellow.ai, GA4) may have their own cookie policies.
Session cookies expire on browser close
This security setting ensures that your Simpplr session ends when you close your browser. When enabled, users will need to sign in again after reopening the browser. This helps prevent unintended access on shared or public computers.
Who is this for
App Managers / Admins who want stronger sign-in security
Organizations where users may access Simpplr from shared devices (kiosks, hospital stations, front desks, etc.)
What changes when you enable it
When enabled
Closing the browser ends the active session.
Reopening the browser and returning to Simpplr prompts the user to sign in again (or go through your SSO flow).
When disabled
Closing the browser may not end the session immediately.
Users may remain signed in until they explicitly sign out or the session expires based on your organization’s session policy.
How to enable (Admin)
Sign in as an App manager.
Go to Manage application.
Open the Security tab.
Find Session settings.
Turn on Clear session on browser close (wording may vary slightly).
Save your changes.
What users should expect
After the setting is enabled:
Users who close the browser completely will be signed out.
Users may need to log in again the next time they open the browser and access Simpplr.
Note: This is typically triggered when the entire browser is closed (all windows), not just a single tab.
Troubleshooting
Users are still signed in after closing the browser
Check the following:
Ensure the browser was fully closed (all windows), not just the Simpplr tab.
Ask the user to sign out once, then sign back in (so the new session follows the updated policy).
If the browser restores previous sessions on startup, behavior can vary depending on browser settings.
Users are being prompted to sign in too often
If this increases friction for your users, consider whether you want this enabled for all users or only during certain periods (e.g., for shared-device teams). You can disable the setting at any time in the same location.
FAQ
Q: Does this affect SSO?
A: No—users will still authenticate using your configured sign-in method (including SSO). This setting simply controls whether the session persists after the browser closes.
Q: Is this the same as an idle timeout?
A: Not exactly. Idle timeout signs users out after inactivity. This setting signs users out when the browser is closed.
Was this article helpful?
Subscribe to receive updates on this article