
Cookies

Cookie Policy

Exhaustive list of cookies and local storage entries used by RackList, their purpose and lifetime.

Last updated:

1. Overview

RackList primarily sets cookies and local storage entries that are strictly necessary for service operation or that store an explicit user preference (these trackers are exempt from prior consent under Article 82 of the French Data Protection Act). One audience-measurement tool may load after your explicit consent: Cloudflare Web Analytics (no client-side cookie, no personal data, hosted by Cloudflare). RackList uses no advertising cookies and no behavioural tracking pixels.

This page lists exhaustively every cookie and local storage entry that RackList may set in your browser, and indicates which ones require your prior consent. The general privacy policy remains available - see the links at the bottom of this page.

2. Cookies and local storage entries

The table below lists every tracker RackList may set. « Strictly necessary » and « user preference » cookies are exempt from consent; the consent banner manages those that require it.

| Name | Type | Lifetime | Purpose | Consent |
| --- | --- | --- | --- | --- |
| PHPSESSID (session) | Strictly necessary | Session - 24 hours of inactivity maximum | Authentication, comparison cart, moderation queue state. Server-side encrypted cookie (Redis), SameSite=Lax, Secure, HttpOnly. | Not required (CNIL Article 82 exemption - strictly necessary for service delivery) |
| csrf-token | Strictly necessary (security) | Session | Cross-Site Request Forgery (CSRF) protection using the double-submit pattern. Without this cookie, no form submission is accepted. | Not required (CNIL Article 82 exemption - strictly necessary security purpose) |
| _locale | User preference | 1 year (365 days) | Stores the chosen interface language (French or English). Lets a non-authenticated user keep their preferred language across visits. Set by App\EventSubscriber\LocaleSubscriber on every response, attributes SameSite=Lax, Secure, HttpOnly=false (must stay readable by the client-side language switcher). | Not required (CNIL exemption for user-interface customisation cookies resulting from an explicit user action - CNIL guideline 2020-091 art. 5) |
| localStorage: theme | User preference (local storage) | Persistent - until manually cleared by the user | Stores the chosen light/dark theme. Stored only in the browser, never transmitted to the server. | Not required (data stored locally, never transmitted to the server, explicit user choice) |
| rl_cookie_consent | Strictly necessary (consent proof) | 6 months (15 552 000 seconds) | Stores your choice in the consent banner (accepted categories, policy version, timestamp). No personal data; only the list of accepted categories + the policy version. Readable client-side (HttpOnly=false) so the banner stays hidden between page loads. SameSite=Lax, Secure. | Not required (CNIL - cookie strictly necessary to keep proof of consent, GDPR art. 7.1 - the controller must be able to demonstrate consent) |
| Cloudflare Web Analytics (external script) | Audience measurement (consent required) | No cookie is set by the script; anonymous audience measurement on the Cloudflare side | Audience-measurement beacon dynamically injected after the « analytics » category is accepted in the banner. Source: https://static.cloudflareinsights.com/beacon.min.js. No third-party cookie, no personal data transmitted (Cloudflare states it collects no IP, no user ID, no browser fingerprint). Provides aggregated page-traffic metrics. | Required (CNIL - audience measurement not strictly necessary, subject to prior consent). Managed by the RackList consent banner, « analytics » category. |

3. Cookie categories used

Strictly necessary cookies

Indispensable to service operation: authentication, security (CSRF), session maintenance, consent proof (`rl_cookie_consent` cookie). Without them, the platform's core features (login, form submission, moderation queue) do not work. Exempt from prior consent under Article 82 of the French Data Protection Act.

Preference cookies

Store an explicit user choice (language, theme). Compliant with CNIL doctrine (guidelines 2020-091, art. 5), which exempts from consent any cookie resulting from a customisation action explicitly triggered by the user. These cookies are never used to profile the user nor to measure their activity.

Audience measurement (Cloudflare Web Analytics)

A single audience-measurement tool may load after your explicit consent: Cloudflare Web Analytics. The `https://static.cloudflareinsights.com/beacon.min.js` beacon is dynamically injected by the browser only if you accepted the « analytics » category in the consent banner. Cloudflare states that it sets no cookie, collects no IP and does not profile visitors (https://blog.cloudflare.com/privacy-first-web-analytics/). You can withdraw this consent at any time via the « Manage my consents » button further down on this page.

What we never use

  • No third-party analytics with profiling (Google Analytics, Matomo Cloud, Mixpanel, etc.)
  • No advertising or remarketing cookies (Facebook Pixel, Google Ads, Criteo, etc.)
  • No social-share pixels (embedded Facebook/Twitter/LinkedIn buttons)
  • No behavioural fingerprinting (canvas, WebGL, audio, hardware sniffing)
  • No other cookie set by a third-party domain from our public pages

4. Manage my consents

You can adjust or withdraw your consent for non-strictly-necessary cookies at any time. The button below reopens the consent banner with your current choice pre-filled.

Withdrawing consent deletes the `rl_cookie_consent` cookie and triggers the banner again on the next page load. Compliant with GDPR art. 7.3 (withdrawing consent must be as easy as giving it).

5. How to control cookies

You retain full control over the cookies set by RackList:

RackList consent banner

On first page load, a banner appears at the bottom of the screen and lets you accept, reject or customise the non-strictly-necessary categories (audience measurement). Refusing is as easy as accepting (CNIL cookies guidelines 2020). Your choice is kept for 6 months in the `rl_cookie_consent` cookie. On expiry, the banner appears again.

From your browser

Every modern browser allows you to refuse, block or delete cookies for a given site. Follow your browser documentation (Firefox, Chrome, Safari, Edge, Brave) - look for the « Cookie management » section.

Clearing RackList cookies

You can delete RackList cookies at any time from your browser settings (« Site data » or « Cookies » section). Note that clearing the session cookie will log you out, clearing the `_locale` cookie will revert to the default language detected from the `Accept-Language` header, and clearing the `rl_cookie_consent` cookie will trigger the consent banner again on your next visit.

Impact of blocking

Blocking strictly necessary cookies (`PHPSESSID`, `csrf-token`, `rl_cookie_consent`) prevents the use of authenticated features and the persistence of your banner choice. Blocking preference cookies (`_locale`, `theme`) has no functional impact: the platform simply falls back to default values. Refusing audience measurement (« analytics » category) has no functional impact.

6. Contact and privacy policy

For any question regarding this cookie policy or the protection of your personal data, contact the publisher at contact@racklist.eu. This cookie policy complements the privacy policy, which details every personal-data processing operation performed by RackList.

7. Changes

Any update to this cookie policy (new cookie, TTL change, new technical processor, change in the list of consent-bound categories) will be dated and published on this page. Any substantial change bumps the consent policy version (`rl_cookie_consent.v`) and triggers an automatic banner re-prompt to collect an up-to-date consent (GDPR art. 7.3).