Cookie Policy
Learn about how SmartMove utilizes secure HttpOnly state, CSRF tokens, and client preferences to deliver a protected and responsive experience.
Secure Token Architecture
Unlike generic platforms that store authentication in raw browser scripts, SmartMove implements a strict token system using cryptographically signed cookies. This ensures your authorization tokens cannot be accessed, read, or modified by unauthorized client-side scripts.
| Cookie Name | Purpose | Security Flags | Lifespan |
|---|---|---|---|
access_token | Primary JWT token utilized to authenticate API requests. | HttpOnly Secure SameSite=Lax | Short-lived |
refresh_token | Token used to silently renew your access token when it expires. | HttpOnly Secure SameSite=Lax | Long-lived |
csrftoken | Prevents Cross-Site Request Forgery (CSRF) exploits on mutable endpoints. | Secure SameSite=Lax | Session |
Local Preferences (localStorage)
We do not track you across the web. To enhance usability and prevent layout resetting, we store basic ui states directly in your browser's local storage:
- smartmove-country: Remembers your active country environment (e.g., London, Dubai, Cairo) so that the correct currency, indicators, and thematic atmosphere load seamlessly.
- smartmove-region: Keeps your active dataset region synchronized across the analytics portals.
- smartmove-theme: Saves your selection of dark or light visual interface styles.
Why We Leverage HttpOnly Flags
By applying the HttpOnly attribute to our session cookies, the browser blocks standard JavaScript calls (like document.cookie) from reading them. This forms a foundational barrier against Cross-Site Scripting (XSS) attacks, keeping your workspace session and database uploads safe.