Los clientes de Apigee pueden proporcionar productos de APIs a los clientes (desarrolladores de apps) con un portal para desarrolladores. En este documento, se describe cómo se usan las cookies para ofrecer esta experiencia a los usuarios del portal.
Cookies para todos los visitantes
JSESSIONID: Un valor aleatorio que se usa para correlacionar solicitudes web con sesiones.
X-Apigee-CSRF2: Se usa para todos los visitantes de un sitio, pero solo se propaga después de que un usuario se autentica. Ayuda a protegerse de las falsificaciones de solicitudes entre sitios.
Cookies adicionales para usuarios autenticados
portalSession: un token de sesión de JWT que se usa para autenticar solicitudes.
Se borra al salir.
portalRefresh: Un token de actualización de JWT que se usa para generar un token de sesión nuevo. Se borra al salir.
Cookies específicas para el servicio de identidad
SSO_JSESSIONID: El servicio de identidad lo usa a fin de mantener una sesión de acceso para el usuario y mantener el estado durante el acceso.
route: Se usa a fin de enrutar a un usuario a una instancia de identidad para su sesión.
X-Uaa-Csrf: Lo usa el servicio de identidad para protegerse contra las falsificaciones de solicitudes entre sitios.
Uso de reCAPTCHA
El servicio de identidad usa reCAPTCHA para protegerte contra actores robots, que pueden utilizar cookies adicionales, incluido el dominio google.com.
Consulta la documentación de reCAPTCHA sobre su uso de cookies.
Cookies obsoletas
portalDefaultDomain (obsoleto): Se usaba para los portales en los que el dominio personalizado se habilitó antes del 18 de febrero de 2020. Determinaba a qué dominio enviar solicitudes y, desde entonces, dejó de estar disponible. Inhabilita y vuelve a habilitar el dominio personalizado de cualquier portal lo quitará.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eThis document outlines the various cookies used by Apigee and Apigee hybrid developer portals to manage user sessions, authentication, and security, with a focus on their purpose and attributes.\u003c/p\u003e\n"],["\u003cp\u003eSeveral cookies, including JSESSIONID and X-Apigee-CSRF2, are utilized for all visitors to correlate web requests with sessions and protect against cross-site request forgeries.\u003c/p\u003e\n"],["\u003cp\u003eAuthenticated users have additional cookies like portalSession and portalRefresh, which are JWT tokens used for authentication and token refreshing, respectively, and are cleared upon logout.\u003c/p\u003e\n"],["\u003cp\u003eThe identity service employs cookies such as SSO_JSESSIONID, route, and X-Uaa-Csrf to maintain user login sessions, manage user routing, and prevent cross-site request forgeries.\u003c/p\u003e\n"],["\u003cp\u003ereCAPTCHA integration adds a recaptcha-ca-t cookie to enhance security and protect against robot actors, alongside potential cookies from the google.com domain.\u003c/p\u003e\n"]]],[],null,["# Cookies\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nBackground\n----------\n\n\nApigee customers can provide API products to customers (app developers) with\na developer portal. This document describes how cookies are used to deliver\nthis experience for portal users.\n| **Note:** Unless otherwise specified, cookies may be assumed to to have at least the following attributes:\n|\nCookies for all visitors\n------------------------\n\n- **JSESSIONID**: A random value that is used to correlate web requests with sessions.\n- **X-Apigee-CSRF2** : Used for all visitors to a site, but is only populated after a user authenticates. It helps to protect against cross-site request forgeries. **Note:** This cookie intentionally sets the `HttpOnly` attribute to `false`, as its only purpose is to be read by the client.\n\nAdditional cookies for authenticated users\n------------------------------------------\n\n- **portalSession**: A JWT session token used to authenticate requests. It is cleared on logout.\n- **portalRefresh**: A JWT refresh token used to generate a new session token. It is cleared on logout.\n\nCookies specific to the identity service\n----------------------------------------\n\n- **SSO_JSESSIONID**: Used by the identity service to maintain a logged in session for the user and to maintain state during login.\n- **route**: Used to route a user to an identity instance for their session.\n- **X-Uaa-Csrf**: Used by the identity service to protect against cross-site request forgeries\n\nUse of reCAPTCHA\n----------------\n\n\nreCAPTCHA is used by the identity service to protect against robot actors,\nwhich may utilize additional cookies, including the google.com domain.\nSee\n[reCAPTCHA documentation](https://developers.google.com/recaptcha/docs/faq#does-recaptcha-use-cookies) regarding their use of cookies.\n\n\nThe integration with reCAPTCHA generates the **recaptcha-ca-t** cookie, which is used to\nprovide security integration and protection against robot actors.\n\nDeprecated Cookies\n------------------\n\n- **portalDefaultDomain**(deprecated): Was used for portals where the custom domain was enabled before February 18, 2020. It determined which domain to send requests to, and it has since been deprecated. Disabling and re-enabling the custom domain of any portal will remove it."]]
