Cookies
Cookies are small files saved on your device when you visit a website. We use cookies to make DocDocs work correctly.
How we use cookies
We only use cookies that are strictly necessary for the site to function. We do not use any cookies for analytics, advertising, or tracking. Because these cookies are essential for the service to operate, they do not require your consent — but we want you to know exactly what they are and why we use them.
Essential cookies
Session cookie
| Name | Purpose | Expires |
|---|---|---|
sessionUserId | Keeps you signed in as you navigate the site | 30 days |
This cookie is set when you sign in, either via email magic link or passkey. It is removed when you log out.
Authentication ceremony cookies
| Name | Purpose | Expires |
|---|---|---|
webauthn_reg_challenge | Temporarily stores a security challenge while you register a new passkey | 5 minutes |
webauthn_auth_challenge | Temporarily stores a security challenge while you sign in with a passkey | 5 minutes |
These cookies are used during the passkey sign-in and registration process. They are short-lived and are deleted as soon as the process completes or fails.
Cookie security
All cookies used by DocDocs are:
- HTTP-only — they cannot be read by JavaScript running in your browser, which protects against cross-site scripting attacks
- Signed — they are cryptographically signed so they cannot be tampered with
- Secure — in production, they are only sent over encrypted HTTPS connections
- SameSite — they are not sent with cross-site requests, which protects against cross-site request forgery