Instructure

Canvas Learning Management System Cookie Notice

Last Updated: 15 September 2023

Instructure, Inc., (and its affiliates and subsidiaries) (“Instructure,” “we,” “our,” or “us”) prepared this Cookie Notice to describe our use of cookies in Canvas Learning Management System (the “Site”). Our Site uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse the Site and allows us to improve the Site. 

Information About Our Use of Cookies

We collect information from you, including browser type, operating system, Internet Protocol (IP) address, domain name, and/or a date/time stamp for your visit, using cookies. 

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.

Types of Cookies that We Use

We use the following cookies: 

  • Strictly necessary cookies. These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site, use a shopping cart or make use of e-billing services. 
  • Functionality cookies. These are used to recognise you when you return to our Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region)
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Note, we do not use analytical/performance cookies outside the USA.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie

Purpose

Data Processed

Duration

Type

Type

canvas_otp_remember_me 

Used for persistence of a one-time password.

None

Session - Expires at end of the user’s session.

First-party Instructure

Functionality

_legacy_normandy_session

Used to work around iOS12 samesite=none issues.

None

Session - Expires at end of the user’s session.

First-party Instructure

Functionality

_csrf_token

Used for cross-site request forgery protection updates with ajax requests.

None

Session - Expires at end of the user’s session.

First-party Instructure

Strictly Necessary

canvas_session

The cookie is the authenticated session ID for the user for the session in Canvas LMS. It is initiated upon successful authentication to Canvas LMS and is used to maintain an authenticated session for the user for the duration of this session token. This session token is used with all requests during the session. When this cookie expires—either by logging out or by reaching the session token max time —the user is required to re-authenticate to initiate a new session token.

String value of a unique session token instantiated upon successful authentication to the Canvas LMS.

24 hours

First-party Instructure

Strictly Necessary

deleted_page_title

This cookie is used to store the value of a previously existent and recently deleted page. When a user tries to access the previously deleted page, a "page deleted" message with the deleted page title to a user when that page is loaded. Having this value persist in a cookie helps make an intuitive user experience when attempting to access a previously deleted page.

Title of the previous existent page title prior to deletion.

Session - Expires at end of the user’s session.

First-party Instructure

Functionality

last_known_canvas_host

This cookie stores the value of the Canvas hosts last visited by the user. The purpose of this cookie is to provide a smooth user experience when the user is in a logged-out state and Canvas LMS. When the user clicks on “Login” on a Canvas / Instructure website, this cookie is used to redirect the user to the user’s expected Canvas authentication URL for login.

String value containing the most recently visited Canvas hostname.

24 hours

First-party Instructure

Functionality

last_page_view

This cookie is a unique identifier that is included as part of each request during an active session. The purpose of this identifier is to allow for Instructure’s operations and engineering teams track session requests for the entirety of a user session, making the ability to troubleshoot in-session request errors or other user interface errors contrained to this ID.

String value of a unique log session token identifier instantiated upon successful authentication to the Canvas web application.

24 hours

First-party Instructure

Functionality

ui-tabs-*

This cookie is used to remember the focus of a tab within the web user interface (where tabbed content is displayed to the user). These cookies are used by jquery-ui. The purpose of this cookie is to provide a smooth user experience to the user—allowing the user, upon return to the originally in-focus tab when returning to the user interface showing multiple tabs.

String value of the in-focus tab prior to leaving the interface displaying multiple tabs.

Session - Expires at end of the user’s session.

First-party Instructure

Functionality

unsupported_browser_dismissed

This cookie is used to save the users response to a prompt displayed to a user via the web user interface to dismiss the notification. This cookie is used only for users using an unsupported browser and is stored only when the user clicks “Dismiss” on the notification. This cookie tells the application to not show this notification for every loaded page.

Exists if the user has click “Dismiss” on the unsupported browser notification.

Session - Expires at end of the user’s session.

First-party Instructure

Functionality

rldbcv

This cookie is the Respondus lock-down browser authentication challenge cookie. The purpose of this cookie is to force a lock-down of a browser so that forward and backward navigation elements are possible during a workflow-sensitive user interface, like a quiz, exam, test, or other process where navigating forward or backward in the browser would cause an advantage to the user in these scenarios. This cookie represents the challenge token portion of this experience and is written when the page is loaded.

String value to create challenge for Respondus

Expires after response cookie is posted (see rldbrv below).

First Party 

Respondus

Functionality Optional - only used if Customer is using Respondus or Canvas Plagiarism Framework.

rldbrv

Used by Respondus Lockdown Browser. Respondus is used to prevent cheating during exams when testing online.

String value to check response from rldcv cookie.

Expires after a successful response for the loaded web user interface.

First-Party - Respondus

Functionality

Optional - only used if Customer is using Respondus or Canvas Plagiarism Framework.

_hp2_id

Product analytics cookie used to analyze usage patterns in Canvas LMS.

Canvas LMS user Id, pageview Id, session Id, identity, tracker Version, identity Field, is Identified

13 months

First-Party - Respondus

Analytics 

 

This cookie is only used in Canvas LMS that is hosted in the USA.

_hp2_ses_props

Product analytics cookie used by Instructure’s product team to analyze usage patterns in Canvas LMS.

Web page URL string

30 min

First-Party - Respondus

Analytics 

 

This cookie is only used in Canvas LMS that is hosted in the USA.


How to Control and Manage Cookies

You can instruct your browser to refuse cookies or to prompt you before accepting certain cookies from any website that you visit by changing the settings in your browser. However, if you use your browser settings to limit all cookies (including essential cookies), our Site may not function as intended. 

Contact Us

If you have questions, comments, or concerns about this cookie notice, please contact us at: privacy@instructure.com.

0