Cookie Policy

App Name: Jane’s Medical Journal

Granular Classification of Cookies

To satisfy global consent mandates, this policy categorizes cookies based on their specific function, allowing for granular user consent mechanisms where legally required:

  • Strictly Necessary (Essential) Cookies: These cookies are vital for the baseline operation of the account management portal. They encapsulate session identifiers, encrypted authentication tokens, load-balancing routing keys, and critical security mechanisms. Essential cookies cannot be opted out of, as they are required for the service to function.
  • Functional Cookies: These are utilized to remember user interface preferences within the account portal, such as language selections, accessibility settings, or persistent UI themes.
  • Analytics and Performance Cookies: If the portal deploys telemetry to monitor internal error rates, API latency, or server response times, these specific cookies require explicit prior opt-in consent before they can be deployed onto certain users’ devices (such as those in the EU).

Session Security Protocols

Authentication systems rely on browser cookies and local storage mechanisms to manage session state. We deploy authentication tokens using rigorous security best practices to prevent malicious actors from accessing active sessions.

Authentication cookies are protected with standard security flags that prevent unauthorized client-side scripts from reading session data and ensure that the browser transmits the cookie only over encrypted, secure HTTPS connections. In addition, supplementary security mechanisms are deployed alongside authentication cookies to verify that any state-changing request genuinely originates from the user’s intended session and was not forged by a malicious third-party site.

Storage Duration: Session vs. Persistent

We distinguish between session cookies—which are stored only in volatile memory and are permanently deleted the moment the user closes their web browser—and persistent cookies, which remain on the user’s hard drive until a defined expiration date is reached or the user manually clears their browser cache. For secure authentication, we utilize relatively short expiration times coupled with a secure token renewal mechanism, minimizing the window of vulnerability if a device is compromised.