Instructure
Canvas Learning Management System Cookie Notice
Last Updated: 15 September 2023
Instructure, Inc., (and its affiliates and subsidiaries) (“Instructure,” “we,” “our,” or “us”) prepared this Cookie Notice to describe our use of cookies in Canvas Learning Management System (the “Site”). Our Site uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse the Site and allows us to improve the Site.
Information About Our Use of Cookies
We collect information from you, including browser type, operating system, Internet Protocol (IP) address, domain name, and/or a date/time stamp for your visit, using cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.
Types of Cookies that We Use
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site, use a shopping cart or make use of e-billing services.
- Functionality cookies. These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Note, we do not use analytical/performance cookies outside the USA.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|
Cookie |
Purpose |
Data Processed |
Duration |
Type |
Type |
|---|---|---|---|---|---|
|
canvas_otp_remember_me |
Used for persistence of a one-time password. |
None |
Session - Expires at end of the user’s session. |
First-party Instructure |
Functionality |
|
_legacy_normandy_session |
Used to work around iOS12 samesite=none issues. |
None |
Session - Expires at end of the user’s session. |
First-party Instructure |
Functionality |
|
_csrf_token |
Used for cross-site request forgery protection updates with ajax requests. |
None |
Session - Expires at end of the user’s session. |
First-party Instructure |
Strictly Necessary |
|
canvas_session |
The cookie is the authenticated session ID for the user for the session in Canvas LMS. It is initiated upon successful authentication to Canvas LMS and is used to maintain an authenticated session for the user for the duration of this session token. This session token is used with all requests during the session. When this cookie expires—either by logging out or by reaching the session token max time —the user is required to re-authenticate to initiate a new session token. |
String value of a unique session token instantiated upon successful authentication to the Canvas LMS. |
24 hours |
First-party Instructure |
Strictly Necessary |
|
deleted_page_title |
This cookie is used to store the value of a previously existent and recently deleted page. When a user tries to access the previously deleted page, a "page deleted" message with the deleted page title to a user when that page is loaded. Having this value persist in a cookie helps make an intuitive user experience when attempting to access a previously deleted page. |
Title of the previous existent page title prior to deletion. |
Session - Expires at end of the user’s session. |
First-party Instructure |
Functionality |
|
last_known_canvas_host |
This cookie stores the value of the Canvas hosts last visited by the user. The purpose of this cookie is to provide a smooth user experience when the user is in a logged-out state and Canvas LMS. When the user clicks on “Login” on a Canvas / Instructure website, this cookie is used to redirect the user to the user’s expected Canvas authentication URL for login. |
String value containing the most recently visited Canvas hostname. |
24 hours |
First-party Instructure |
Functionality |
|
last_page_view |
This cookie is a unique identifier that is included as part of each request during an active session. The purpose of this identifier is to allow for Instructure’s operations and engineering teams track session requests for the entirety of a user session, making the ability to troubleshoot in-session request errors or other user interface errors contrained to this ID. |
String value of a unique log session token identifier instantiated upon successful authentication to the Canvas web application. |
24 hours |
First-party Instructure |
Functionality |
|
ui-tabs-* |
This cookie is used to remember the focus of a tab within the web user interface (where tabbed content is displayed to the user). These cookies are used by jquery-ui. The purpose of this cookie is to provide a smooth user experience to the user—allowing the user, upon return to the originally in-focus tab when returning to the user interface showing multiple tabs. |
String value of the in-focus tab prior to leaving the interface displaying multiple tabs. |
Session - Expires at end of the user’s session. |
First-party Instructure |
Functionality |
|
unsupported_browser_dismissed |
This cookie is used to save the users response to a prompt displayed to a user via the web user interface to dismiss the notification. This cookie is used only for users using an unsupported browser and is stored only when the user clicks “Dismiss” on the notification. This cookie tells the application to not show this notification for every loaded page. |
Exists if the user has click “Dismiss” on the unsupported browser notification. |
Session - Expires at end of the user’s session. |
First-party Instructure |
Functionality |
|
rldbcv |
This cookie is the Respondus lock-down browser authentication challenge cookie. The purpose of this cookie is to force a lock-down of a browser so that forward and backward navigation elements are possible during a workflow-sensitive user interface, like a quiz, exam, test, or other process where navigating forward or backward in the browser would cause an advantage to the user in these scenarios. This cookie represents the challenge token portion of this experience and is written when the page is loaded. |
String value to create challenge for Respondus |
Expires after response cookie is posted (see rldbrv below). |
First Party Respondus |
Functionality Optional - only used if Customer is using Respondus or Canvas Plagiarism Framework. |
|
rldbrv |
Used by Respondus Lockdown Browser. Respondus is used to prevent cheating during exams when testing online. |
String value to check response from rldcv cookie. |
Expires after a successful response for the loaded web user interface. |
First-Party - Respondus |
Functionality Optional - only used if Customer is using Respondus or Canvas Plagiarism Framework. |
|
_hp2_id |
Product analytics cookie used to analyze usage patterns in Canvas LMS. |
Canvas LMS user Id, pageview Id, session Id, identity, tracker Version, identity Field, is Identified |
13 months |
First-Party - Respondus |
Analytics This cookie is only used in Canvas LMS that is hosted in the USA. |
|
_hp2_ses_props |
Product analytics cookie used by Instructure’s product team to analyze usage patterns in Canvas LMS. |
Web page URL string |
30 min |
First-Party - Respondus |
Analytics This cookie is only used in Canvas LMS that is hosted in the USA. |
How to Control and Manage Cookies
You can instruct your browser to refuse cookies or to prompt you before accepting certain cookies from any website that you visit by changing the settings in your browser. However, if you use your browser settings to limit all cookies (including essential cookies), our Site may not function as intended.
Contact Us
If you have questions, comments, or concerns about this cookie notice, please contact us at: privacy@instructure.com.