COOKIE POLICY
Last Updated: 4 May 2026
This Cookie Policy explains which cookies Gameket uses, why we use them, and how they affect your data. Cookies are small text files saved by your browser when you use our website.
We currently use cookies mainly for authentication, account state, and security. We do not use advertising cookies in the current website code.
Cookies We Use
| Cookie Name | Type | Data Stored | Purpose | Retention | Access |
|---|---|---|---|---|---|
| token | Essential | Signed-in user access token (Bearer token) | Authenticates user requests to protected pages and APIs. | Up to 30 days or until logout | HttpOnly |
| isLoggedIn | Essential | Boolean login state | Supports signed-in experience in the interface. | Up to 30 days | Client-readable |
| | Functional | User email address | Used for account context and convenience features. | Up to 30 days | Client-readable |
| avatar | Functional | User avatar URL | Displays the user profile image in the UI. | Up to 30 days | Client-readable |
| isPremium | Functional | Premium subscription status | Enables premium-specific account behavior in the UI. | Up to 30 days | Client-readable |
| premiumDaysLeft | Functional | Remaining premium subscription days | Displays subscription countdown information. | Up to 30 days | Client-readable |
| isSuspended | Essential | Account suspension flag | Helps enforce account restrictions in user flows. | Up to 30 days | Client-readable |
| twoFactorLoginToken | Essential | Temporary two-factor login token | Binds 6-digit authenticator code verification to an active login attempt. | Up to 10 minutes | HttpOnly |
| cookieConsent | Essential | Cookie consent choice | Stores whether you accepted the cookie notice so the banner is not repeatedly shown. | Up to 180 days | Client-readable |
| adminToken | Essential | Admin access token | Authenticates access to admin dashboard and admin APIs. | Up to 30 days or until cleared | HttpOnly |
| authjs.session-token / __Secure-authjs.session-token | Essential | Auth.js session identifier | Maintains session state during Auth.js sign-in flows. | Session or provider-managed | HttpOnly |
| authjs.callback-url | Essential | Post-login return URL | Returns you to the intended page after authentication. | Short-lived | Client-readable |
| authjs.csrf-token | Essential | CSRF protection token | Protects authentication and form actions from CSRF attacks. | Session or short-lived | Client-readable |
How Your Cookie Data Is Used
- To keep you logged in and protect access to your account.
- To show account context, such as avatar and premium status.
- To secure authentication flows with anti-forgery protections.
- To support admin-area authentication where applicable.
Managing Cookies
You can manage or delete cookies from your browser settings at any time. Please note that disabling essential cookies may prevent login and other account features from working properly.
You can also log out to clear active session-related cookies from Gameket.