This page outlines the cookie policy for the REF Admin system (‘we’, ‘us’ or ‘our’) website. Your use of this website is subject to our terms of use.
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
Cookies are used to improve services for you, for example by:
- Enabling a service to recognise your device so you don’t have to give the same information during one task
- Recognising that you have already given a username and password so you don’t need to enter it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
You can learn about cookies and how to manage them.
For further information on cookies used by this website please contact usersupport@ref.ac.uk
Session based cookies
These expire when you close your browser, they are essential to the operation of the service
- manage-meetings – stores meeting search parameters
- add-additional-attendees – stores additional attendees search parameters
- manage-panel-membership – stores panel member search parameters
- manage-users – stores user search parameters
- add-user – stores user search parameters
Authentication cookies (essential to the operation of the service)
- authjs.session-token – session – JWT token stored by Auth.js”
- authjs.csrf-token – CSRF protection token used during auth flows”
- authjs.callback-url – temporary callback URL for sign-in redirects”
- authjs.pkce.code_verifier – PKCE code verifier for OAuth flow (transient)”
- authjs.state – OAuth state parameter cookie (transient)”
- authjs.nonce – OpenID Connect nonce used to prevent replay attacks
- authjs.challenge – WebAuthn challenge cookie (transient, 15 min expiry)