Cookie policy
(Version 4.0 - April 2024)
The LMS provider use cookies and similar tracking technologies (“Cookies”) to collect personal information about you.
In more details, cookies are text strings created by a server and stored on your computer or mobile device to have access to a specific web page and to recognise your device when you return to that web page again (or visit domains that use the same cookies).
Cookies allow the LMS provider and its business partners to collect information about user or account navigation on LMS services (for example to remind your language preferences) and can later be read during your visit on the LMS services to facilitate your navigation.
Cookies may be stored permanently on your device and have a variable duration (‘persistent cookies’) or disappear when your browser is closed (‘session cookies’).
Cookies can be installed directly by the LMS provider (‘first-party cookies’) or by other third parties (‘third-party cookies’).
Type of cookies used
The Cookies that are used by the LMS provider are categorized as follows, based on
their purpose:
Strictly required cookies: The LMS use session and persistent first party cookies to ensure you a safe and efficient use of the LMS as well as preventing fraudulent activity on the LMS itself. Without these cookies, the LMS would not be able to function properly.
Statistical cookies (also called analytics): Statistical cookies provide the LMS provider statistics about your experience so LMS provider can measure and improve the performance of the services. Depending on where you are based, you may disable these cookies following the instructions set forth below.
Your rights to control cookies
You can control Cookies being recorded by changing your browser settings. Please check for the instructions provided by the major LMS’s supported browsers: Apple Safari (opens in a new tab), Google Chrome (opens in a new tab), Microsoft Edge (opens in a new tab), Microsoft Internet Explorer (opens in a new tab), Mozilla Firefox (opens in a new tab), Opera (opens in a new tab), Android (Chrome)(opens in a new tab), iPhone or iPad (Chrome) (opens in a new tab), iPhone or iPad (Safari) (opens in a new tab).
After doing so, however, certain features of the LMS may not function correctly.
Cookie preference tool
The LMS provider use a cookie governance tool to enable you to customise your cookie preferences. You can easily do so by clicking on the “Cookie Preferences” link on the banner that you see the first time you visit the LMS, or through Cookie Policy link available in your User menu. Please note that the ‘Required Cookies’ cannot be disabled as the LMS provider cannot provide its services without them.
List of cookies
The complete list of Cookies used on the LMS is described in the following table:
Cookie name | Provenance | Type | Duration | Description | Scope | LMS users involved |
persistantCookie | 1st party | Required | Session | Used to implement the “Keep Me Logged in” functionality | LMS Global | All |
YII_CSRF_TOKEN | 1st party | Required | Session | Used to prevent cross-site request forgery attacks. | LMS Global | All |
docebo_session | 1st party | Required | Session | Used to track session-related information. | LMS Global | All |
hydra_access_token | 1st party | Required | Session | Used to share the Oauth2 token between LMS old infrastructure and the new micro service based framework (Hydra). | LMS Global | All |
remember_me | 1st party | Required | Session | Used to implement the “Keep me logged in” functionality. | LMS Global | All |
id_transaction | 1st party | Required | Session | Used to maintain e-commerce transaction ID for payment gateway integrations. | Ecommerce | Learner |
SimpleSAMLAuthToken | 1st party | Required | Session | Used to handle SSO with SAML Identity Providers. | SAML SSO | All |
mprtcid_* | 1st party | Required | Session | Used to save course rating attempts by users. | LMS Global | All |
max_login_attempts_reached_expire_time | 1st party | Required | Session | Used to track failed login attempts | LMS Global | All |
failed_login_attempts | 1st party | Required | Session | Used to track failed login attempts. | LMS Global | All |
reseller_cookie | 1st party | Required | Persistent | Used to track login by LMS provider resellers. | LMS Global | Admin |
AWSALB | 3rd party | Required | Persistent | Generated by AWS to handle loading balancing. | LMS Global | All |
AWSALBCORS | 3rd party | Required | Persistent | Generated by AWS to handle loading balancing. It has an explicit SameSite attribute set because of changes made from Chrome 80 and upwards. |
LMS Global | All |
r | 1st party | Required | Persistent | Used to track the AWS region. It is used internally by the Docebo DevOps Team for diagnostics. | LMS Global | All |
cookie_privacy_policy | 1st party | Required | Persistent | Used to hide the Privacy Policy banner when the user has accepted it. | LMS Global | All |
e-signature-configuration-prompt | 1st party | Required | Persistent | Used to toggle the dialog box of E-Signature One-Time Password (OTP) activation. | E-signature | All |
SAML_login_counter | 1st party | Required | Session | Used to count SAML Login. Used to count the failed login attempts from the same browser in the last 10 seconds. If the counter reaches 5 then the cookie “SAML_login_disabled” is created to block the redirects to IdP. | SAML SSO | All |
SAML_login_disabled | 1st party | Required | Session | Used to break loops when there is a wrong configuration of SAML in place. The system, at 5 failed logins within 10 seconds, no longer tries to redirect. The cookie is set when the “SAML_login_counter” reaches 5, disabling the redirects to IdP." |
SAML SSO | All |
SimpleSAMLSessionID | 1st party | Required | Session | Used to store the SAML Session Id. | SAML SSO | All |
blocksPosition |
1st party | Required | Persistent | Used by an Internal service (theme) to store the items’ order when manually repositioning dashboard list items. | LMS Global | Admin |
_pendo_accountId.* | 3rd party | Statistics | Persistent | Unique platform account identifier used by Pendo to provide statistical data aggregation for the purpose of analyzing the platform usage and improving its design. | LMS Global | Admin & Power User |
_pendo_meta.* | 3rd party | Statistics | Persistent | Anonymized statistical cookie used by Pendo to provide statistical data aggregation for the purpose of analyzing platform usage and improving its design. | LMS Global | Admin & Power User |
_pendo_visitorId.* | 3rd party | Statistics | Persistent | Anonymized statistical cookie used by Pendo to provide statistical data aggregation for the purpose of analyzing platform usage and improving its design. | LMS Global | Admin & Power User |
intercom-session-jeycegl2 | 3rd party | Required | Session | Used to implement the real time chat functionality for contacting the support/sales team. | Intercom realtime chat with Support and/or Sales | Admin |
mktg_user | 3rd party | Required | Session | Used to hold the user authorization flag and it is used across the main (workato.com) and app (app.workato.sites), so we can display the logged-in status on the website. | Docebo Connect | Admin |
_workato_app_session | 3rd party | Required | Session | Used to track state across requests for logged-in users, as part of the app functionality. | Docebo Connect | Admin |
session_id | 3rd party | Required | Session | Used to track Docebo Learn Administrator session-related for information for Docebo Connect only. | Docebo Connect | Admin |
PHPSESSID | 1st party | Required | Session | Keep the user logged in Docebo Impact. | Docebo Learning Impact | All |
isBenchmarkEnabled | 1st party | Required | Persistent | Used in the Docebo Impact reporting tools to save the enablement status of the benchmark for the user. | Docebo Learning Impact | Learner |
dontAskForTimezoneUpdate | 1st party | Required | Persistent | Associated to the user timezone prompts. Used to store the "Don't ask me again" checkbox status for this prompt. | LMS Global | All |
timezone_update_dialog_snooze | 1st party | Required | Persistent | Used to save the "Remind me later" checkbox status and postpone the appearance of the timezone prompt for at least 12 hours. | LMS Global | All |
COOKIE_MOBILE_REQUEST | 1st party | Required | Session | Used to understand if the user has done SSO via browser from GoLearn/Branded app, in order to make the user experience smoother. | Go Learn | All |
_csrf | 1st party | Required | Session | CSRF protection cookie used when OAuth2 token is persisted in cookie rather than local storage. | LMS Global | All |
CloudFront-Policy | 1st party | Required | Session | Used only when signed cookies CDN is enabled. | LMS Global | All |
CloudFront-Signature | 1st party | Required | Session | Used only when signed cookies CDN is enabled. | LMS Global | All |
CloudFront-Key-Pair-Id | 1st party | Required | Session | Used only when signed cookies CDN is enabled. | LMS Global | All |
XSRF-TOKEN | 3rd party | Required | Session | Used to keep a token to verify access to the platform. | Docebo Connect | Admin |
_workato_preferred_theme | 3rd party | Required | Session | Used to show the Workato app in the color theme the user chooses. | Docebo Connect | Admin |
lti_access_token | 1st party | Required | Session | Used to validate the user ID when the user it self wants to play a LTI (Learning Tools Interoperability) training material, as part of the Learn functionality. | LMS Global | All |
community_session |
1st party | Required | Session | Used to track anonymous Communities user sessions | Communities | All |
Cookies for add-on modules
In certain circumstances, you will have access to additional functionalities or software modules for the LMS (e.g. LMS Connect or LMS Content), provided via integrations by LMS business partners. In these cases, cookies and similar technologies might be used by these partners to provide access to these integrations. Please be aware that the LMS do not control, monitor or are responsible for such Cookies and the processing of your personal data associated with it. We encourage you to review their privacy policies via the links below:
Connect (Workato) (opens in a new tab) | Content (Go1) (opens in a new tab) | Content (OpenSesame) (opens in a new tab)
Changes to this cookie policy
The LMS provider may change all or part of this LMS Default Cookie Policy from time to time to reflect its data collection practices, in case of new features involving your personal data, or as required by the law. The version published on the Docebo Knowledge Base website (https://help.docebo.com/hc/en-us/articles/4411472206866-Docebo-Learn-default-Cookie-policy) will be the most current version in force and supersede other versions of this Policy (including the one available by default through the LMS Services) in case of conflicts.