Operational Notice
When your protocol needs to trust the browser, precision starts with a single file.
A rendering engine for IoT dashboards met a gateway for industrial controls. Both used `document.cookie`—but for entirely different reasons. One tracked user sessions; the other synchronized live telemetry. Understanding this distinction is the first step in secure, compliant integration.
The Cookie Spectrum
Not all cookies are created equal. Metrino Pro's infrastructure distinguishes between strictly functional memory and operational state—each with distinct lifespans and security postures.
- Session Transient: Auth tokens, cleared on exit.
- Persistent UI: Theme, layout preferences (24h TTL).
- Analytics (Opt-in): Aggregated performance metrics.
Why We Need To Store Information
Technical Mandate & Functional Integrity
Session Continuity
When you navigate between the Games Portfolio and the Play console, Metrino Pro must know you're the same authenticated user. Cookies provide a lightweight mechanism to maintain this state across stateless HTTP requests, ensuring your assets and license keys load correctly without constant re-authentication.
Performance Optimization
To deliver seamless gameplay and real-time developer tools, we cache non-sensitive configuration data (like viewport size or UI density) locally. This reduces latency by eliminating repeated server calls for unchanged preferences, critical for high-frame-rate interactive experiences.
Compliance & Security
We use a single, essential functional cookie to enforce our Terms of Service and prevent cross-site request forgery (CSRF) attacks on our development environment. This cookie has a strict 1-hour expiration and carries no personally identifiable information.
Transparency Note
We do not use third-party advertising cookies or persistent tracking pixels. Any analytics are fully anonymized, aggregated at the server level, and never linked to individual user accounts. You can toggle non-essential cookies in the global consent banner.
Integration Constraints
Our approach is governed by specific technical and regulatory boundaries. These are not suggestions—they are hard limits in our architecture.
Constraint
Same-Origin Policy Enforcement
All cookies are set with the `SameSite=Strict` attribute. This prevents leakage across subdomains unless explicitly required for cross-origin API calls in the development console.
Trade-off
Offline Functionality vs. State Freshness
We allow limited offline access to the Games Portfolio. This requires a longer-lived cookie for session restoration. If it exceeds 24 hours, we force a security re-validation before granting access to live-play features.
Scenario
A DevOps Engineer's Decision
At 3 AM, a pipeline fails because a new security plugin strips the `Secure` flag from our session cookie on the staging server. The frontend authenticates, but the backend rejects the request. The fix: enforce cookie flag policies at the infrastructure layer, not the application layer.
Technical Specifications
Cookie Attributes & Lifecycle
| Name | Purpose | Lifespan | Attributes |
|---|---|---|---|
| metrino_auth | Authentication & CSRF | 1 Hour | HttpOnly, Secure, SameSite=Strict |
| metrino_pref | UI/UX Preferences | 24 Hours | Secure, SameSite=Lax |
| metrino_anon | Aggregated Metrics | 30 Days (Opt-in) | Secure, SameSite=None |
| cf_clearance | DDoS Protection | 30 Minutes | HttpOnly, Secure, SameSite=Lax |
* All timestamps are in GMT. Lifespans are strictly enforced by the edge security layer.
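The staging failure in the scenario above, where a plugin strips the `Secure` flag, is the kind of drift a response-header check catches before deployment. The following is an added example, not Metrino Pro's own code: it audits `Set-Cookie` headers against the values in the table; the function names, the sample headers, and the choice to evaluate only `Max-Age` (not `Expires`) are assumptions.

```python
# Added example: audit Set-Cookie headers against the attribute table above.
# Policy values are copied from the table; everything else is hypothetical.

POLICY = {  # name -> (max lifetime in seconds, required flags, SameSite value)
    "metrino_auth": (3600, {"httponly", "secure"}, "strict"),
    "metrino_pref": (86400, {"secure"}, "lax"),
    "metrino_anon": (30 * 86400, {"secure"}, "none"),
    "cf_clearance": (1800, {"httponly", "secure"}, "lax"),
}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value}); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit(header):
    """Return the policy violations for one Set-Cookie header (empty list = compliant)."""
    name, attrs = parse_set_cookie(header)
    if name not in POLICY:
        return [f"{name}: cookie not in the published table"]
    max_age, flags, samesite = POLICY[name]
    problems = [f"{name}: missing {flag}" for flag in sorted(flags) if flag not in attrs]
    got = attrs.get("samesite", "").lower()
    if got != samesite:
        problems.append(f"{name}: SameSite is {got or 'absent'}, expected {samesite}")
    # Assumption: only Max-Age is evaluated. A cookie without it is a session
    # cookie and passes; non-numeric or negative values are reported.
    age = attrs.get("max-age")
    if age is not None and not (age.isdigit() and int(age) <= max_age):
        problems.append(f"{name}: Max-Age {age} is not within the {max_age}s limit")
    return problems

# Constructed staging responses: the second has lost its Secure flag, as in the scenario.
GOOD = "metrino_auth=abc123; Max-Age=3600; Path=/; HttpOnly; Secure; SameSite=Strict"
STRIPPED = "metrino_auth=abc123; Max-Age=3600; Path=/; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for hdr in (GOOD, STRIPPED):
        print(audit(hdr) or "ok")
```

Run against the headers captured at the edge rather than those emitted by the application, so that anything a proxy or plugin rewrites in between is what gets audited.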
Need to adjust your cookie settings?
Your privacy choices are respected. Click the cookie icon in the site header at any time to review or change your consent.