Cookie Policy

Effective date: 2026-02-04

0. Overview

This Cookie Policy explains how we use cookies and similar technologies on dev.todo.makestack.eu (the "Service").

Scope: This Service uses NextAuth for authentication via Google OAuth.

Key point: We use cookies that are strictly necessary to sign you in and keep your session secure.

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They are commonly used to make websites work, keep sessions secure, and remember preferences.

2. Why we use cookies

We use cookies primarily to:

Authenticate you via Google OAuth (NextAuth sign-in flow)
Maintain your signed-in session
Protect against forgery and abuse (e.g., CSRF protection)
Remember sign-in redirect destinations

Without these cookies, sign-in and session management will not work correctly.

3. Cookies we set (NextAuth)

Based on your current configuration, the Service sets the following NextAuth cookies:

Cookie name	Purpose	Category	Observed / typical attributes	Typical retention
`next-auth.session-token`	Stores the session token used to keep you signed in and identify your session. (With JWT strategy, this cookie commonly contains a signed token.)	Strictly necessary	`HttpOnly`: yes (observed) `SameSite`: `Lax` (observed) `Path`: `/` (observed) `Secure`: typically yes in production over HTTPS	Usually session-based or up to the configured NextAuth session lifetime (commonly days/weeks).
`next-auth.csrf-token`	CSRF protection for authentication-related actions (helps ensure requests are coming from your browser).	Strictly necessary	`HttpOnly`: yes (observed) `SameSite`: `Lax` (observed) `Path`: `/` (observed) `Secure`: typically yes in production over HTTPS	Typically session (or short-lived).
`next-auth.callback-url`	Stores the URL you should be redirected to after successful sign-in.	Strictly necessary	`SameSite`: `Lax` (observed) `Path`: `/` (observed) `Secure`: typically yes in production over HTTPS	Typically session (or short-lived).

Note: In production, NextAuth may use cookie name prefixes like __Secure- or __Host-depending on your setup. Cookie names and lifetimes can also vary depending on your NextAuth configuration and whether you use JWT sessions or database sessions.

4. Analytics / advertising cookies

We do not use advertising cookies. If analytics or marketing cookies are added in the future, we will update this policy and, where required, provide a consent mechanism before setting non-essential cookies.

5. Managing cookies

You can control and delete cookies via your browser settings. Most browsers let you:

View stored cookies
Delete all or selected cookies
Block cookies for specific sites
Block all cookies

If you block strictly necessary cookies, the Service (including sign-in) may not function correctly.

6. Updates to this policy

We may update this Cookie Policy from time to time. We will update the effective date at the top of this page when changes are made.

7. Contact

If you have questions about this Cookie Policy, contact us:

Email: moksov@gmail.com