From WHMCS Documentation

Revision as of 16:31, 22 October 2012 by Andrew (talk | contribs)


Cookies are small text files stored by your device when you access most websites on the internet. And WHMCS is no exception. There are two types of cookie:

  • Session cookies - these expire when you close your browser and do not remain on your computer.
  • Persistent cookies - these are stored long term on your computer for a period specified in the code.

Below is an explanation of all the cookies created by the WHMCS client area, which type they are, and what purpose each serves.

  • PHPSESSID - Probably the most common cookie that most PHP based websites will use. This is used to store the unique session ID for each visitor and enables variables to be remembered and passed between page loads. This is a session only cookie so expires as soon as the browser is closed.
  • WHMCSAffiliateID - This cookie gets set when a customer is referred to you via an affiliate. It simply stores the ID of the affiliate that referred them, so that if an order is placed within the next 90 days following the referral, the affiliate gets credited for it. It is a persistent cookie.
  • WHMCSLinkID - This cookie gets set only if you use the link tracking feature of WHMCS (Utilities > Link Tracking). It remembers the link the visitor followed to first get to your website, and is then used when an order is placed to be able to associate the conversion with a link to be able to provide stats on the effectiveness of your links. It is a persistent cookie.
  • WHMCSUID/WHMCSPW - These 2 cookies are used for the remember me functionality of the client area. They only get set should a client choose to have their details remembered so they don't have to re-login every time they visit your website. They are persistant and last for 365 days, or until logout.

Notifying Users

It is our understanding that as the PHPSESSID and WHMCSUID/WHMCSPW cookies are used for keeping track of user input and progressing through the shopping cart, there is no obligation to obtain consent from your visitors as this is one of the exceptions under the EU e-Privacy Directive.

However if you intend to use the affiliate or link tracking features then you should inform clients about the WHMCSAffiliateID and WHMCSLinkID cookies which are used for tracking purposes.