Version essential-only
Cookie Policy
Effective date: 3 June 2026
Current cookie posture
MySRS uses only essential first-party storage for secure sign-in, MFA challenge handling and saving the user's cookie preference. No Google Analytics, advertising pixels or marketing trackers are active in the portal code.
Essential cookies
The session cookie is HTTP-only, SameSite strict and secure in production. It stores a random session token only; the server stores a keyed hash of that token. The MFA challenge cookie is short-lived and scoped to authentication routes.
Preference storage
The cookie banner stores the user's essential-only preference in browser local storage. This avoids adding a non-essential tracking cookie for the preference itself.
Optional tracking
Optional analytics or marketing tracking must remain disabled until a consent-managed provider is configured, documented here and loaded only after explicit opt-in.
Browser controls
Users can clear MySRS cookies and local storage in their browser settings. Clearing essential storage signs the user out or makes the cookie banner appear again.