Can anyone give me a brief summary of how is the o...
# talk-kratos
s
Can anyone give me a brief summary of how the ory_kratos_continuity cookie is used and what its max age is?
p
Hi @some-addition-86177 It depends on the flow, but it's usually used when the user has to move across flows, or when the user is navigated away to a different page and then returned, like in an OIDC login flow. The age, I think, depends on the flow, but below is where it is set for 30min on a login flow for social sign in.
https://github.com/ory/kratos/blob/aa123f7fb92e882cd2722deb83a57131d8b3de18/selfservice/strategy/oidc/strategy_login.go#L195-L203
Another place I can think of where it is used, is within a settings flow.
s
Thanks for the response Alano. Just a few more questions:
• are you sure the 30 mins refer to the expiry time of the continuity cookie itself? I tried to follow the code and from what I see on my browser it seems like the value is always set to 30 days - https://github.com/gorilla/sessions/blob/main/store.go#L53
• can you give me an example for the “move across flows” use case, like what does the cookie help with
Asking these questions because I need to describe all the cookies used across my platform in a cookies policy doc, and since this is provided by Kratos I don't have the exact details around it.
Also I didn’t see any official docs on it.
p
Hmm, not sure then. It's used to store metadata about the flow so the user can continue normally when "disrupted". For example:
1. User logs in
2. They navigate to settings (set continuity_cookie)
3. They want to change password
4. Submit triggers a different flow (login 2FA)
5. User needs to provide TOTP code or hardware key
6. User is returned back to the settings flow with the metadata intact (restore from continuity_cookie)
I don't know all the things the cookie stores to make the flow possible. But it's a purely functional cookie and it doesn't do any kind of "user tracking" etc.
It's also linked to a specific flow id afaik, so creating a new flow will destroy the cookie.
s
Got it, okay thanks for the info