Skip to content

Cookies and Privacy

IXP Manager is open-source and free software. Any individual or organisation who installs IXP Manager and/or makes it available for use must ensure that they are complying with all appropriate data protection legislation in their jurisdiction as the data controller.

This page details what the developers consider appropriate information to the best of their knowledge for helping such organisations with such compliance. Note also that the information herein is based on IXP Manager's default configuration.


Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. Cookies can generally be easily viewed and deleted via your browser's functionality. Each cookie is unique to your web browser and will usually contain information such as the cookie name, a unique identifier, and the website's host name or domain name.

IXP Manager uses a PHP web application framework called Laravel and it generates two encrypted cookies which are required to use the application:

Cookie Name Purpose and Description Classification Lifetime
laravel_session Session management - since HTTP driven applications are stateless, sessions provide a way to store information about the user across multiple requests. These cookies are encrypted by the server and the client browser only receives and stores the encrypted version. Strictly Necessary 120 minutes
XSRF-TOKEN Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user. Laravel stores the current CSRF token in an encrypted XSRF-TOKEN cookie that is included with each response generated by the framework. Strictly Necessary 120 minutes

A third cookie is generated if a user optionally invokes the Remember Me functionality during login / authentication:

Cookie Name Purpose and Description Classification Lifetime
remember_web_xxx Session management cookie to facilitate longer sessions and multiple session functionality. These cookies are encrypted by the server and only the encrypted version exists on the client side browser. These only contain a session ID. The server records the user's IP address and a browser identifier (e.g. Macintosh 10 / Firefox 109.0) so that users can identify and optionally delete long-lived sessions in the user interface. Strictly Necessary 30 days

IXP Manager does not generate any other cookies.

Strictly Necessary cookies

Strictly Necessary cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. For example, these cookies let us recognise that you have an account and you have logged into that account. These necessary cookies also allow the portal to remember you and avoid having to log you in on each site visit, or to prevent cross-site scripting security issues.

IXP Manager uses only first-party strictly necessary cookies. IXP Manager does not use third-party cookies.

Cookies and EU ePrivacy and GDPR Law

As IXP Manager generates only Strictly Necessary cookies, it does not need to receive users' consent for the use of these cookies.

Data Protection and Privacy

The following table is a summary of personal data collected by IXP Manager and for what purpose / activity:

Data Collected Purpose / Activity
Contact details including name, position and role, phone number, email address, etc. These are stored on a per member basis and customer admins can also add, edit and remove these. To manage and facilitate customers / members of an exchange; usually in the performance of a contract.
Usernames and passwords To provide members / customers with access to secure areas of IXP Manager; usually in the performance of a contract.
Login history (IP address, date and time) To provide an auditable record of when users logged into IXP Manager; usually in compliance with ISMS policies.
Login IP address and browser identifier To enable users to identify and optionally delete long-lived sessions that they opt into.
Generic note fields Many records on IXP Manager allow admins to enter free text notes. You should ensure you have appropriate policies for this. Their use would be to manage and facilitate customers / members of an exchange; usually in the performance of a contract.
Document store - file uploads Admins can upload files to a central store or to a per customer / member store. You should ensure you have appropriate policies for this. The suggested use case is copies of contracts; service order forms; etc.

Correctness and Disclaimer

This information is correct as of November 2023 for the IXP Manager application as distributed and unaltered from its official source code repository at inex/IXP-Manager. Some IXPs may install it on domains hosting other web sites / applications which may generate their own domain-scoped cookies.

The cookie lifetimes provided above are the defaults but are configurable.

Last update: November 1, 2023