Cookies set by Bubble

This article covers cookies used by apps made in Bubble, as opposed to cookies used by the Bubble editor.

What are cookies?

Cookies are small data files stored on your browser by apps and websites. In essence, they allow an app to store some information on the user's hard drive, that they can load the next time a user opens that same app or website.

This opens up for a variety of uses, such as:

  • Remembering information: Cookies can remember login details (such as "remember my email"), preferences (such as language and currency), and other customizations, without the user creating an account or logging in.

  • Session management: they can keep track of the user's activities during a browsing session, which is helpful for things like keeping you logged in as you navigate an app, or keeping items in your shopping cart.

  • Tracking and analytics: Cookies are used to gather information about how you interact with a site. This data helps app and website owners understand user behavior, improve the user experience, and provide relevant content.

  • Security: Cookies play a part in security measures, helping to authenticate users and prevent fraudulent use of login credentials.

Cookies on different devices

Since cookies are filed stored on the user's device, they don't automatically follow a user to a different device. For example, if a non-logged-in user saves some information in your app on their laptop (such as choosing a language), that data is only available on that particular device. If they open up the same page on their phone, they will need to re-set their preferences.

Likewise, since they are stored like any other files on the device's storage, they may be deleted.

How do I control what cookies my app uses?

We can separate cookies in a Bubble app into two categories:

Cookies set by Bubble

These are the cookies Bubble sets by default. You can read more about them in the section below.

Third-party cookies

Third parties may also be adding cookies to a user's device. For example, if you add an analytics service such as Google Analytics (either by using a plugin, or by using a custom code snippet), that service may add additional cookies to work. If a plugin does this, Bubble has no way to offer finer-grained control over those cookies. If this is a concern to you, we recommend you try installing the plugin and seeing what cookies are set in run-mode to determine if it's appropriate for your use case.

Bubble's default cookies

By default, Bubble sets a few cookies on users and visitors of your Bubble app. These are for authentication purposes and enable key functionality of the Bubble platform, such as keeping an end-user logged in, being able to tie a visitor to an app user through sign-up, etc.

To be specific, here are the cookies Bubble sets by default:

  • One to mark the user’s session ID

  • One with the session signature to prevent tampering

  • One that tells the browser who the current user is

Disabling default Bubble cookies

You can use the in the Settings - General sub-tab. This is disabled by default, and needs to be set on each individual app. Keep in mind that disabling cookies can reduce the functionality of your Bubble app.

The setting will mean the following for your app:

  • The following functionality will be disabled:

    • Temporary user accounts for non-logged in users will not be created (which means you can not save any data to the "current user" until the user has logged in.

    • This also means you can no longer transfer data to a user when they sign up (such as storing the items of a shopping cart)

  • Cookies will still be set when:

    • The action is used. This will initiate the creation of the temporary user object in the same way as would otherwise happen automatically, but only on the user who triggers the action.

    • The user logs in or signs up: Bubble can't keep users logged in without cookies, meaning that in this case, cookies will be created regardless.

Default cookies and app performance

The operation of setting cookies on a new user, like any process, requires a tiny bit of work, and as such will slow down the page load slightly. While this is a small performance gain, it can still be worth considering for apps that:

  1. Don't need cookies on all non-logged-in users to function (see the list above for more information)

  2. Depend on as fast a page load as possible (such as for purposes)

  3. Apps that get a lot of traffic, where you want to keep as low as possible

Keep your users in mind; disabling the default cookies can lead to a slight performance gain, but it can come at the cost of user experience.

Default cookies and regulations

Frameworks such as GDPR, have that apply to the use of cookies. We recommend familiarizing yourself with the regulations that apply to your industry and region.

Cookies and subdomains

When you move your app's domain to a subdomain, it can affect the login processes due to cookie handling. Your users might encounter login issues, such as errors stating "incorrect credentials" or "session expired".

This is typically because the existing cookies for the old domain are conflicting with the new subdomain. To resolve this, instruct your end-users to clear their browser cookies for your app's domain, by following the instructions below:

Clearing your app's cookies

For a user to clear the cookies connected to your app, they need to follow the points below. Keep in mind the process may look slightly different based on which browser is used:

  1. Open the browser settings: Each browser has a slightly different way of accessing cookie settings. Generally, you can find these in the privacy or security section of the settings menu.

  2. Navigate to cookie management: Look for options related to privacy, security, or site data. Here, you'll find settings for cookies and site data.

  3. Find the app's domain: Once in the cookie management section, search for the app's domain name.

  4. Delete the cookies: Select the cookies associated with the domain and delete them. This action will remove any stored login information or session data related to your app.

  5. Attempt to log in again: After clearing the cookies, your end-users should be able to log in to your app without encountering the previous errors.

Remember, this step is necessary only if you're changing your app's domain to a subdomain. Keeping your users informed about such changes can help avoid confusion.

Last updated

#829: Flusk: more detailed Issue Descriptions

Change request updated